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Abstract We propose a set of transformation rules for constraint logic 
programs with negation. We assume that every program is locally strati- 
fied and, thus, it has a unique perfect model. We give sufficient conditions 
which ensure that the proposed set of transformation rules preserves the 
perfect model of the programs. Our rules extend in some respects the 
rules for logic programs and constraint logic programs already consid- 
ered in the literature and, in particular, they include a rule for unfolding 
a clause with respect to a negative literal. 



1 Introduction 

Program transformation is a very powerful methodology for developing correct 
and efficient programs from formal specifications. This methodology is particu- 
larly convenient in the case of declarative programming languages, where pro- 
grams are formulas and program transformations can be viewed as replacements 
of formulas by new, equivalent formulas. 

The main advantage of using the program transformation methodology for 
program development is that it allows us to address the correctness and the effi- 
ciency issues at separate stages. Often little effort is required for encoding formal 
specifications (written by using equational or logical formalisms) as declarative 
programs (written as functional or logic programs). These programs are correct 
by construction, but they are often computationally inefficient. Here is where 
program transformation comes into play: from a correct (and possibly inefficient) 
initial program version we can derive a correct and efficient program version by 
means of a sequence of program transformations that preserve correctness. We 
say that a program transformation preserves correctness, or it is correct, if the 
semantics of the initial program is equal to the semantics of the derived program. 

A very popular approach followed when applying the program transformation 
methodology, is the one based on transformation rules and strategies : the rules 
are elementary transformations that preserve the program semantics and the 
strategies are (possibly nondeterministic) procedures that guide the application 
of transformation rules with the objective of deriving efficient programs. Thus, a 



program transformation is realized by a sequence Pq, . . . ,Pn of programs, called 
a transformation sequence, where, for i = 0, . . . ,n— 1, Pk+i is derived from Pk 
by applying a transformation rule according to a given transformation strategy. 
A transformation sequence is said to be correct if the programs Pq,. . . ,Pn have 
the same semantics. 

Various sets of program transformation rules have been proposed in the liter- 
ature for several declarative programming languages, such as, functional j9l39| . 
logic constraint j7llll27| . and functional-logic languages Q]. In this paper 
we consider a constraint logic programming language with negation p..9'285 and 
we study the correctness of a set of transformation rules that extends the sets 
which were already considered for constraint logic programming languages. We 
will not deal here with transformation strategies, but we will show through some 
examples (see SectionEJ that the transformation rules can be applied in a rather 
systematic (yet not fully automatic) way. 

We assume that constraint logic programs are locally stratified [4'355. This 
assumption simplifies our treatment because the semantics of a locally stratified 
program is determined by its unique perfect model which is equal to its unique 
stable model, which is also its unique, total well-founded model (The def- 

initions of locally stratified programs, perfect models, and other notions used in 
this paper are recalled in Section |2l) 

The set of transformation rules we consider in this paper includes the unfold- 
ing and folding rules (see, for instance, [7lllllfill7l23l27l29l31l37t38»4r)i42i43i44) V 
In order to understand how these rules work, let us first consider propositional 
programs. The definition of an atom a in a program is the set of clauses that 
have a as head. The atom a is also called the definiendum. The disjunction of the 
bodies of the clauses that constitute the definition of a, is called the definiens. 
Basically, the appHcation of the unfolding rule consists in replacing an atom oc- 
curring in the body of a clause by its definiens and then applying, if necessary, 
some suitable boolean laws to obtain clauses. For instance, given the following 
programs Pi and P2: 

Pi: p ^ q A r P2: p ^ ->a A r 

q ^ p ^ b Ar 

q b q <— -la 

q^b 

we have that by unfolding the first clause of program Pi we get program P2 . 

Folding is the inverse of unfolding and consists in replacing an occurrence 
of a definiens by the corresponding occurrence of the definiendum (before this 
replacement we may apply suitable boolean laws). For instance, by folding the 
first two clauses of P2 using the definition of q, we get program Pi. An important 
feature of the folding rule is that the definition used for folding may occur in a 
previous program in the transformation sequence. The formal definitions of the 
unfolding and folding transformation rules for constraint logic programs will be 
given in Sectional The usefulness of the program transformation approach based 
on the unfolding and folding rules, is now very well recognized in the scientific 
community as indicated by a large number of papers (see |22| for a survey) . 
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A relevant property we will prove in this paper is that the unfolding of a clause 
w.r.t. an atom occurring in a negative literal, also called negative unfolding, 
preserves the perfect model of a locally stratified program. This property is 
interesting, because negative unfolding is useful for program transformation, 
but it may not preserve the perfect models (nor the stable models, nor the well- 
founded model) if the programs are not locally stratified. For instance, let us 
consider the following programs Pi and P2: 

Pi- P^^q P2: p<~p 

q^^p q^^p 
Program P2 can be obtained by unfolding the first clause of Pi (i.e., by first 
replacing q by the body of the clause defining q, and then replacing -i^p by 
p). Program Pi has two perfect models: {p} and {q}, while program P2 has the 
unique perfect model {q}. 

In this paper we consider the following transformation rules (see Section inj: 
definition introduction and definition elimination (for introducing and elimi- 
nating definitions of predicates), positive and negative unfolding, positive and 
negative folding (that is, unfolding and folding w.r.t. a positive and a negative 
occurrence of an atom, respectively), and also rules for applying boolean laws 
and rules for manipulating constraints. 

Similarly to other sets of transformation rules presented in the literature 
(see, for instance, jll7l9llll27l39l44| '). a transformation sequence constructed by 
arbitrary applications of the transformation rules presented in this paper, may 
be incorrect. As customary, we will ensure the correctness of transformation 
sequences only if they satisfy suitable properties: we will call them admissible 
sequences (see Section^. Although our transformation rules are extensions or 
adaptations of transformation rules already considered for stratified logic pro- 
grams or logic programs, in general, for our correctness proof we cannot rely 
on already known results. Indeed, the definition of an admissible transforma- 
tion sequence depends on the interaction among the rules and, in particular, 
correctness may not be preserved if we modify even one rule only. 

To see that known results do not extend in a straightforward way when 
adding negative unfolding to a set of transformation rules, let us consider the 
transformation sequences constructed by first (1) unfolding all clauses of a defi- 
nition S and then (2) folding some of the resulting clauses by using the definition 
S itself. If at Step (1) we use positive unfolding only, then the perfect model se- 
mantics is preserved |87l42j , while this semantics may not be preserved if we use 
negative unfolding, as indicated by the following example. 

Example 1. Let us consider the transformation sequence Pq,Pi,P2, where: 
Pq: p{X)^^q{X) Pi: p{X) ^ X <0 A ^q{X) P2: p{X) ^ X <0 A p{X) 
q{X) ^X>{) q{X) ^ X>{) q{X) ^ X > 

q{X) ^ q{X) q{X) ^ q{X) q{X) ^ q{X) 

Program Pi is derived by unfolding the first clause of Pq w.r.t. the negative literal 
-^q{X) (that is, by replacing the definiendum q{X) by its definiens X > Q\/ q{X), 
and then applying De Morgan's law). Program P2 is derived by folding the first 
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clause of Pi using the definition p{X) <— -^q{X) in Pq. We have that, for any 
a < 0, the atom p{a) belongs to the perfect model of Pq, while p{a) does not 
belong to the perfect model of P2- 

The main result of this paper (see TheoremElin Sectional shows the correctness 
of a transformation sequence constructed by first (1) unfolding all clauses of 
a (non-recursive) definition S w.r.t. a positive literal, then (2) unfolding zero 
or more clauses w.r.t. a negative literal, and finally (3) folding some of the 
resulting clauses by using the definition S. The correctness of such transformation 
sequences cannot be established by the correctness results presented in |37l42j . 

The paper is structured as follows. In Section |2l we present the basic def- 
initions of locally stratified constraint logic programs and perfect models. In 
Section we present our set of transformation rules and in Section 01 we give 
sufficient conditions on transformation sequences that ensure the preservation 
of perfect models. In Section we present some examples of program derivation 
using our transformation rules. In all these examples the negative unfolding rule 
plays a crucial role. Finally, in Section El we discuss related work and future 
research. 

2 Preliminaries 

In this section we recall the syntax and semantics of constraint logic programs 
with negation. In particular, we will give the definitions of locally stratified 
programs and perfect models. For notions not defined here the reader may refer 
to [2.4.19, 2n.2fi|. 

2.1 Syntax of Constraint Logic Programs 

We consider a first order language C generated by an infinite set Vars of variables, 
a set Funct of function symbols with arity, and a set Pred of predicate symbols 
(or predicates, for short) with arity. We assume that Pred is the union of two 
disjoint sets: (i) the set Predc of constraint predicate symbols, including the 
equality symbol =, and (ii) the set Predu of user defined predicate symbols. 

A term of C is either a variable or an expression of the form /(^i, . . . , i„), 
where / is an n-ary function symbol and ii, . . . , i„ are terms. An atomic formula 
is an expression of the form p{ti, . . . ,tn) where p is an n-ary predicate symbol 
and ti, . . . ,tn are terms. A formula of C is either an atomic formula or a formula 
constructed from atomic formulas by means of connectives (^, A, V, ^) 
and quantifiers (E3, V). 

Let e be a term, or a formula, or a set of terms or formulas. The set of 
variables occurring in e is denoted by vars{e). Given a formula ip, the set of the 
free variables occurring in Lp is denoted by FV{(p). A term or a formula is ground 
iff it does not contain variables. Given a set X = {Xi, . . . of n variables, 

by \/X ip we denote the formula VXi . . . VX„ ip. By y{p) we denote the universal 
closure of p, that is, the formula VX (p, where FV{(p) — X. Analogous notations 
will be adopted for the existential quantifier 3. 
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A primitive constraint is an atomic formula p{ti, . . . , i„) where p is a predi- 
cate symbol in Predc- The set C of constraints is the smallest set of formulas of C 
that contains all primitive constraints and is closed w.r.t. negation, conjunction, 
and existential quantification. This closure assumption simplifies our treatment, 
but as we will indicate at the end of this section, we can do without it. 

An atom is an atomic formula p(ti, . . . ,tn) where p is an element of Predu 
and ti, . . . ,tn are terms. A literal is either an atom A, also called positive literal, 
or a negated atom -^A, also called negative literal. Given any literal L, by L 
we denote: (i) -lA, if L is the atom A, and (ii) A, if L is the negated atom 
^A. A goal is a (possibly empty) conjunction of literals (here we depart from 
the terminology used in {2|261 . where a goal is defined as the negation of a 
conjunction of literals). A constrained literal is the conjunction of a constraint 
and a literal. A constrained goal is the conjunction of a constraint and a goal. 

A clause 7 is a formula of the form H ^ cAG, where: (i) H is an atom, called 
the head of 7 and denoted hd{j), and (ii) c A G is a constrained goal, called the 
body of 7 and denoted bd{j). A conjunction of constraints and/or literals may 
be empty (in which case it is equivalent to true). A clause of the form H ^ a, 
where c is a constraint and the goal part of the body is the empty conjunction 
of literals, is called a constrained fact. A clause of the form H <— , whose body is 
the empty conjunction, is called a fact. 

A constraint logic program (or program, for short) is a finite set of clauses. A 
definite clause is a clause whose body has no occurrences of negative literals. A 
definite program is a finite set of definite clauses. 

Given two atoms p{ti, . . . ,i„) and p{ui, . . . ,u„), we denote by p{ti, . . . ,t„) 
= p{ui, . . . ,Un) the constraint: ii = ui A . . . A i„ = u„. For the notion of 
substitution and for the application of a substitution to a term we refer to 
|2l2fi| . Given a formula ip and a substitution {Xi/ti, . . . , Xn/tn} we denote by 
(p{Xi/ti, . . . , Xn/tn} the result of simultaneously replacing in (p all free occur- 
rences of Xi, . . . , Xn by i 1 , . . . , i„ . 

We say that a predicate p immediately depends on a predicate g in a program 
P iff there exists in P a clause of the form p{. . .) <— _B and q occurs in B. We 
say that p depends on q in P iff there exists a sequence pi, . . . ,pn, with n > 1, 
of predicates such that: (i) pi — p, (ii) p„ = q, and (iii) for i = 1, . . . ,n—l, pi 
immediately depends on Pi+i. Given a user defined predicate p and a program 
P, the definition of p in P, denoted Def{p, P), is the set of clauses 7 in P such 
that p is the predicate symbol of hd{'-^). 

A variable renaming is a bijective mapping from Vars to Vars. The applica- 
tion of a variable renaming p to a formula Lp returns the formula p{(p), which is 
said to be a variant of p, obtained by replacing each (bound or free) variable 
occurrence Xinphy the variable p{X). A variant of a set {pi, . . . ,pn} of formu- 
las is the set {p{pi), . . . , p{pn)}, also denoted p{{pi, ■ ■ . , Pn})- During program 
transformation we will feel free to silently apply variable renamings to clauses 
and to sets of clauses because, as the reader may verify, they preserve program 
semantics (see Section [2^ . Moreover, we will feel free to change the names of the 
bound variables occurring in constraints, as usually done in predicate calculus. 
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2.2 Semantics of Constraint Logic Programs 

In this section we present the definition of the semantics of constraint logic 
programs with negation. This definition extends similar definitions given in the 
literature for definite constraint logic programs |TS| and logic programs with 
negation |4l^i5j . 

We proceed as follows: (i) we define an interpretation for the constraints, 
following the approach used in first order logic (see, for instance, |2i), (ii) we 
introduce the notion of V-model, that is, a model for constraint logic programs 
which is parametric w.r.t. the interpretation V for the constraints, (iii) we intro- 
duce the notion of locally stratified program, and finally, (iv) we define the perfect 
V-model (also called perfect model, for short) of locally stratified programs. 

An interpretation V for the constraints consists of: (1) a non-empty set D, 
called carrier, (2) an assignment of a function /-p : Z?" ^ D to each n-ary function 
symbol / in Funct, and (3) an assignment of a relation p-v over 13" to each n-ary 
predicate symbol in Predc- In particular, V assigns the set {{d,d)\d ^ D} to the 
equality symbol =. 

We assume that is a set of ground terms. This is not restrictive because 
we may add suitable 0-ary function symbols to L. 

Given a formula ip whose predicate symbols belong to Predc, we consider the 
satisfaction relation V \= ip, which is defined as usual in first order predicate 
calculus (see, for instance, (2]). A constraint c is said to be satisfiable iff its 
existential closure is satisfiable, that is, V \= 3(c). If I? ^ 3(c), then c is said to 
be unsatisfiahle in V. 

Given an interpretation V for the constraints, a V- interpretation I assigns a 
relation over D" to each n-ary user defined predicate symbol in Pred^, that is, I 
can be identified with a subset of the set Bx) of ground atoms defined as follows: 
— {p{di, . . . , (i„) I p is a predicate symbol in Pred^ and (di, . . . , d„) e £)"}. 
A valuation is a function v. Vars D. We extend the domain of a valuation 
V to terms, constraints, literals, and clauses as we now indicate. Given a term 
t, we inductively define the term v{t) as follows: (i) if t is a variable X then 
v{t) — v{X), and (ii) if t is f{ti, . . . , i„) then v{t) — f-D{v{ti), . . . , v{tn))- Given 
a constraint c, v{c) is the constraint obtained by replacing every free variable 
X S FV{c) by the ground term v{X). Notice that v{c) is a closed formula which 
may be not ground. Given a literal L, (i) if L is the atom p{ti, . . . , t„), then v{L) 
is the ground atom p{v{ti), . . . , v{tn)), and (ii) if L is the negated atom ^A, then 
v{L) is the ground, negated atom -^v{A). Given a clause 7: iZ ^ cAii A. . . AL™, 
v{'y) is the clause v{H) ^ v{c) A v{Li) A ... A w(L,„). 

Let / be a P-interpretation and v a valuation. Given a literal L, we say that 
v{L) is true in I iff either (i) L is an atom and v{L) G /, or (ii) L is a negated 
atom -lA and v{A) ^ I. We say that the literal v{L) is false in I iff it is not 
true in /. Given a clause 7: H <— c A Li /\ . . . A Lm, ^(7) is true in I iff either 
(i) v{H) is true in /, or (ii) V ^ v{c), or (iii) there exists i G {1, . . . , m} such 
that v{Li) is false in /. 

A D- interpretation / is a V-model of a program P iff for every clause 7 in P 
and for every valuation v, we have that v{'j) is true in /. It can be shown that 
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every definite constraint logic program P has a least 2?-model w.r.t. set inclusion 
(see, for instance (201) ■ 

Unfortunately, constraint logic programs which are not definite may fail to 
have a least P-model. For example, the program consisting of the clause p ^ ->q 
has the two minimal (not least) models {p} and {q}. This fact has motivated 
the introduction of the set of locally stratified programs ■4"35]. For every locally 
stratified program one can associate a unique (minimal, but not least, w.r.t. set 
inclusion) model, called perfect model, as follows. 

A local stratification is a function a: Bv W, where W is the set of countable 
ordinals. If ^ £ B-p and cr{A) is the ordinal a, we say that the stratum of A 
is a. Given a clause 7 in a program P, a valuation v, and a local stratification 
a, we say that a clause ^(7) of the form: H ^ c A Li A . . . A L„l is locally 
stratified w.r.t. a iff either V \= or, for i = 1, . . . , to, if is an atom A then 
a{H) > cr{A) else if Li is a negated atom -lA then (j{H) > <j{A). Given a local 
stratification a, we say that program P is locally stratified w.r.t. cr, or cr is a 
local stratification for P, iff for every clause 7 in P and for every valuation v, 
the clause ^(7) is locally stratified w.r.t. cr. A program P is locally stratified iff 
there exists a local stratification a such that P is locally stratified w.r.t. a. For 
instance, let us consider the following program Even: 

even{0) ^ 

even{X) X = Y+1 A -neven{Y) 

where the interpretation for the constraints is as follows: (1) the carrier is the set 
of the natural numbers, and (2) the addition function is assigned to the function 
symbol +. The program Even is locally stratified w.r.t. the stratification function 
a such that for every natural number n, a{even(n)) = n. 

The perfect model of a program P which is locally stratified w.r.t. a stratifi- 
cation function a is the least P-model of P w.r.t. a suitable ordering based on 
a, as specified by the following definition. This ordering is, in general, different 
from set inclusion. 

Definition 1. {Perfect Model) j^. Let P be a locally stratified program, let a 
he any local stratification for P, and let I , J be V -interpretations. We say that 
I is preferable to J, and we write I < J iff for every Ai G I — J there exists 
A2 G J — I such that cr(Ai) > a{A2). A V-model M of P is called a perfect 
P-model (or a perfect model, for short) iff for every V-model N of P different 
from M, we have that M ^N. 

It can be shown that the perfect model of a locally stratified program always 
exists and does not depend on the choice of the local stratification function a, 
as stated by the following theorem. 

Theorem 1 . Every locally stratified program P has a unique perfect model 
M{P). 

By Theorem M{P) is the least P-model of P w.r.t. the -< ordering. For 
instance, the perfect model of the program consisting of the clause p <— -ig is 
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{p} because cr(p) > o-(g) and, thus, the X'-model {p} is preferable to the 2?-model 
{q} (i.e., {p} -< {q} ). Similarly, it can be verified that the perfect model of the 
program Even is M{Even) — {even{n) | n is an even non-negative integer}. In 
Section^lwe will provide a method for constructing the perfect model of a locally 
stratified program based on the notion of proof tree. 

Let us conclude this section by showing that the assumption that the set C of 
constraints is closed w.r.t. negation, conjunction, and existential quantification 
is not really needed. Indeed, given a locally stratified clause H ^ c A G, where 
the constraint c is written by using negation, or conjunction, or existential quan- 
tification, we can replace H ^ c A G hy an equivalent set of locally stratified 
clauses. For instance, if c is 3X d then we can replace <— c A G by the two 
clauses: 

H ^ newp{Yi, ...,¥„) AG 
newp{Yi,. . .,Y„) ^ d 

where newp is a new, user defined predicate and {Yi, . . . = FV{3Xd). 
Analogous replacements can be applied in the case where a constraint is written 
by using negation or conjunction. 

3 The Transformation Rules 

In this section we present a set of rules for transforming locally stratified con- 
straint logic programs. We postpone to Section|£|the detailed comparison of our 
set of transformation rules with other sets of rules which were proposed in the 
literature for transforming logic programs and constraint logic programs. The 
application of our transformation rules is illustrated by simple examples. More 
complex examples will be given in Sectional 

The transformation rules are used to construct a transformation sequence, 
that is, a sequence Pq, . . . ,Pn of programs. We assume that Pq is locally strat- 
ified w.r.t. a fixed local stratification function a: B-p — > W, and we will say 
that Pq, . . . ,Pn is constructed using a. We also assume that we are given a set 
Predint C Predu of predicates of interest. 

A transformation sequence Pq, . . . , Pn is constructed as follows. Suppose that 
we have constructed a transformation sequence Pq, . . . ,Pk, for < fc < n — 1, the 
next program Pk+i in the transformation sequence is derived from program Pk 
by the application of a transformation rule among Rl-RlO defined below. 

Our first rule is the definition introduction rule, which is applied for intro- 
ducing a new predicate definition. Notice that by this rule we can introduce a 
new predicate defined by m (> 1) non- recursive clauses. 

Rl. Definition Introduction. Let us consider m (>1) clauses of the form: 
5i : newp{Xi, . . . , Xh) ^ ci A Gi 

5„i : newp{Xi, . . . , Xh) <- c„i A Gm. 
where: 
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(1) newp is a predicate symbol not occurring in {Pq, . . . ,Pk}, 

(ii) Xi, . . . , Xh are distinct variables occurring in FV{{ci A Gi, . . . , c™ A Gm}), 

(iii) every predicate symbol occurring in {Gi, . . . , Gm} also occurs in Pq, and 

(iv) for every ground substitution with domain {^i, . . . , Xh}, 
a{ne'wp{Xi, . . . , is the least ordinal a such that, for every valuation v and 
for every i — 1, . . . , m, 

either (iv.l) V ^ -iu(ci?9) or (iv.2) for every literal L occurring in w(Gji9), if L 
is an atom A then q;>(t(A) else if L is a negated atom -lA then a>(T(^). 
By definition introduction (or definition, for short) from program Pfc we derive 
the program Pk+i — PfcU{(5i, . . . , Sm}. For fc > 0, Defs^. denotes the set of clauses 
introduced by the definition rule during the transformation sequence Pq, . . . ,Pk. 
In particular, Defs^ — 0. 

Condition (iv), which is needed to ensure that cr is a local stratification for 
each program in the transformation sequence Pq, . . . , Pk+i (see Proposition , 
is not actually restrictive, because newp is a predicate symbol not occurring 
in Pq and, thus, we can always choose the local stratification a for Pq so that 
Condition (iv) holds. As a consequence of Condition (iv), a{newp{Xi, . . . , Xh)'&) 
is the least upper bound of Sp U Sn w.r.t. < where: 

Sp — {(t{A) I l<i<m, z; is a valuation, A occurs in v{Gi^), 
V 1= v{c^■^)}, and 

Sn — {(t{A) + 1 I l<i<m, is a valuation, -^A occurs in v{Gid), 

In particular, if for i — 1, . . . ,m, T> \^ -^3{cid), then S'p U S'„ = and we have 
that a{newp{Xi, . . . ,Xh)i}) — 0. 

The definition elimination rule is the inverse of the definition introduction 
rule. It can be used to discard from a given program the definitions of predicates 
which are not of interest. 

R2. Definition Elimination. Let p be a predicate such that no predicate of 
the set Predint of the predicates of interest depends on p in Pk. By eliminating 
the definition oi p, from program Pk we derive the new program Pk+i = Pk — 
Def{p,Pk). 

The unfolding rule consists in: (i) replacing an atom p{ti, . . . ,tra) occur- 
ring in the body of a clause, by a suitable instance of the disjunction of the 
bodies of the clauses which are the definition of p, and (ii) applying suitable 
boolean laws for deriving clauses. The suitable instance of Step (i) is computed 
by adding a constraint of the form p{ti , . . . ,tm) = K iov each head if of a clause 
in Def{p, Pk). There are two unfolding rules: (1) the positive unfolding rule, and 

(2) the negative unfolding rule, corresponding to the case where p{ti, . . . ,tm.) 
occurs positively and negatively, respectively, in the body of the clause to be 
unfolded. In order to perform Step (ii), in the case of positive unfolding we ap- 
ply the distributivity law, and in the case of negative unfolding we apply De 
Morgan's, distributivity, and double negation elimination laws. 

R3. Positive Unfolding. Let 7 : <— cAGl AAaGr be a clause in program 
Pk and let Pj. be a variant of Pk without common variables with 7. Let 
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• Km ^ Cm A -Bm 

where m > and Bi,. . . , Bm are conjunction of literals, be all clauses of program 

Pi such that, for i = 1, . . . ,m, D 1= 3(c A A = Xj A a). 

By unfolding clause 7 w.r.i. ifte aiom A we derive the clauses 

?7i : H ^ cA A = Ki AciAGl ABiAGr 

rjm- H ^ C A A = Km A Cm A Gl A Bm A Gr 

and from program Pk we derive the program Pk+i = [Pk — {7}) U I*?!, • • • , '7m}- 
Notice that if m = then, by positive unfolding, clause 7 is deleted from Pk- 

Example 2. Let Pk be the following program: 

1. p{X) ^X>lAq{X) 

2. g(V)^y = 

3. g(y) ^y = Z+l Ag(Z) 

where we assume that the interpretation for the constraints is given by the 
structure TZ of the real numbers. Let us unfold clause 1 w.r.t. the atom q{X). 
The constraint X>lAX = Y'Ay = constructed from the constraints of 
clauses 1 and 2 is unsatisfiable, that is, 7^ h -''^X3Y{X > \ A X = Y AY = Q), 
while the constraint X >1 A X = Y AY = Z constructed from the constraints 
of clauses 1 and 3, is satisfiable. Thus, we derive the following program Pfe+i: 
lu. p{X) ^ X>1 AX = Y AY = Z+lAq{Z) 

2. q{Y) ^ r = 

3. q{Y)^Y = Z+lAq{Z) 

R4. Negative Unfolding. Let 7 : H ^ c A Gl A -'A A Gr be a clause in 
program Pk and let P'^. be a variant of Pk without common variables with 7. 
Let 

71 : Ki ^ ci A Bi 

7m • Km ^ C'lyi A Bm, 

where m > and Bi, . . . , Bm are conjunction of literals, be all clauses of program 
Pi such that, for i = 1, . . . , m, "D ^ 3(c A A = Ki A Ci). Suppose that, for 

i = 1, . . . , TO, there exist an idempotent substitution = {Xn/tn, . . . , Xin/Un} 
and a constraint cli such that the following conditions hold: 

(i) P ^ V(c ^ iiA = Ki A c) ^ iXn=tii A ... A Xi„ = ti„ A di))), 

(ii) {Xa, Xin} C Vi, where Vi = FV{ji), and 

(iii) FV{di A Bi'di) C FV{c A A). 
Then, from the formula 

V'o : cAGlA^{3Vi (A = KiAciABi)y...\j3Vm{A = KmAcmABm))AGR 

we get an equivalent disjunction of constrained goals by performing the following 
steps. In these steps we silently apply the associativity of A and V. 
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Step 1. {Eliminate 3) Since Conditions (i), (ii), and (iii) hold, we derive from ipo 
the following equivalent formula: 

ijji: C A Gl A -.((dl A Bi'&i) V . . . V (rfrrj A Bm'&m)) A Gr 

Step 2. {Push inside) We apply to ^pl as long as possible the following rewrit- 
ings of formulas, where d is a constraint. At is an atom, G, Gi, G2 are goals, 
and £> is a disjunction of constrained literals: 

^{{d A G) V £>) — y -^{d AG) A^D 

-(d AG) — > ^dV{dA -G) 
^(Gi A G2) — > -Gi V ^G2 
-.-.At — > At 

Thus, from tjji we derive the following equivalent formula: 

^2: cAGi,A(-.di V {di A {Ln'&i V... V Lip^?i))) 
A ... 

A V {dm A {Lml'&rn V ... V 

AGfl 

where Ln A ... A Lip is Bi, . . ., and Lmi A ... A Lmq is -Bm . 

Step 3. {Push V outside) We apply to V'2 as long as possible the following rewrit- 
ing of formulas, where (pi, (p2, and (ps are formulas: 

ifi A {(p2 V (fa) — > {ipi A 1P2) V {ifii A ipz) 

and then we move constraints to the left of literals by applying the commutativity 
of A. Thus, from ^/'2 we get an equivalent formula of the form: 

ip^: (c A ei A Gl A Qi A Gr) V . . . V (c A A Gl A A Gr) 

where ei, . . . , are constraints and Qi, . . . ,Qr are goals. 

Step 4. {Remove unsatisfiable disjuncts) We remove from ■03 every disjunct (c A 
Cj A Gl a Qj A Gr), with 1 <j <r, such that V \= -.3(c A ej), thereby deriving 
an equivalent disjunction of constrained goals of the form: 

i/'4 : (c A ei A Gl A Qi A Gfl) V . . . V (c A A Gl A A Gr) 

By unfolding clause 7 w.r.t. the negative literal -^A we derive the clauses 

r]i: H ^cAciAGlAQiAGr 

r]s. H ^ cAcs AGl AQs AGr 
and from program Pk we derive the program Pk+i = {Pk — {7}) U {771, . . . , rjs}. 

Notice that: (i) if m = 0, that is, if we unfold clause 7 w.r.t. a negative literal -^A 
such that the constraint cAA = KiACi is satisfiable for no clause Ki <— CiABi in 
P^, then we get the new program Pk+i by deleting -^A from the body of clause 
7, and (ii) if we unfold clause 7 w.r.t. a negative literal ^A such that for some 
clause Ki -I— d A Bi in P^, 2? |= V(c — > 3Vi {A = Ki A Cj)) and Bi is the empty 
conjunction, then we derive the new program Pk+i by deleting clause 7 from Pk. 

An application of the negative unfolding rule is illustrated by the following 
example. 
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Example 3. Suppose that the foUowing clause belongs to program P^: 

7: h{X)^X>Qh^p{X) 
and let 

p{Y) ^ Y=z+\ ^z>Q^ q{Z) 

p{Y) ^Y = Z-lAZ>lAqlz) A^r{Z) 

be the definition of p in Pk- Suppose also that the constraints are interpreted in 
the structure TZ of the real numbers. Now let us unfold clause 7 w.r.t. ^p{X). 
We start off from the formula: 

^0 ■■ X>OA^{ 3Y3Z{X = Y AY = Z+lAZ>OAq{Z))V 

3Y3Z{X = Y AY = Z-lAZ>lAqlz) A^r{Z))) 

Then wc perform the four steps indicated in rule R4 as follows. 
Step 1. Since we have that: 

■R\=yX\/YVZ{X>0^ { {X = Y AY = Z+1AZ>0) ^ 

{Y = X AZ = X-1AX>1))) 

and 

']l\=yXVY\fZ{X>0^ { {X^Y AY = Z-\AZ>\) ^ 

(V = XAZ = X + 1))) 

we derive the formula: 

V'l : X>OA^((X>lAg(X-l))V(g(X + l)A^r(X + l))) 

Steps 2 and 3. By applying the rewritings indicated in rule R4 we derive the 
following formula: 

^3: (X>0A-.X>1 A-g(X + l))V 

(X > A -.X > 1 A r(X + 1)) V 

(X > A X > 1 A ^q{X-\) A + 1))V 

\x>{} AX> \ A ^q{X-\) Ar{X + \)) 
Step 4. Since all constraints in the formula derived at the end of Steps 2 and 3 
are satisfiable, no disjunct is removed. 

Thus, by unfolding h{X) <— X>0 A w.r.t. -^p[X^ we derive the following 

clauses: 

^X>OA-X>lA-g(X + l) 
h{X) ^X>0A-X>1 Ar(X + l) 

^X>0AX>1 A-g(X-l) A-g(X + l) 
h{X.) ^ X>0 AX>1 A-g(X-l) Ar(X + l) 

The validity of Conditions (i), (ii), and (iii) in the negative folding rule allows 
us to eliminate the existential quantifiers as indicated at Step 1. If these condi- 
tions do not hold and nonetheless we ehminate the existential quantifiers, then 
negative unfolding may be incorrect, as illustrated by the following example. 

Example 4- Let us consider the following programs Pq and Pi, where Pi is ob- 
tained by negative unfolding from Pq, but Conditions (i)-(ni) do not hold: 

Po: p^^q Pi: p ^ ^r{X) 

q ^ r{X) q ^ r{X) 

r{X)'^X = Q r{X)^X = Q 
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We have that: p ^ M{Po) while p G Af (Pi). (We assume that the carrier of the 
interpretation for the constraints contains at least one element different from 0.) 

The reason why the negative unfolding step of Example ^ is incorrect is that 
the clause q ^ r{X) is, as usual, implicitly universally quantified at the front, 
and yX {q is logically equivalent to q ^ 3Xr{X). Now, a correct 

negative unfolding rule should replace the clause p ^ ^q in program Pg by 
p <— -•3Xr{X), while in program Pi we have derived the clause p ^ ^'''{X) 
which, by making the quantification explicit at the front of the body, can be 
written as p ^ 3X ^r{X). 

The folding rule consists in replacing instances of the bodies of the clauses 
that are the definition of a predicate by the corresponding head. As for unfolding, 
we have a positive folding and a negative folding rule, depending on whether 
folding is applied to positive or negative occurrences of (conjunctions of) literals. 
Notice that by the positive folding rule we may replace to (> 1) clauses by one 
clause only. 

R5. Positive Folding. Let 7i, . • • ,7™, with m > 1, be clauses in Pk and let 
Defs'^ be a variant of Defsj^ without common variables with 71, . . . , 7™. Let the 
definition of a predicate in Defs'/. consist of the clauses 
Si: K ^diABi 

Sm ■■ K ^ dm A B,n 

where, for i — 1,...,to, Bi is a non-empty conjunction of literals. Suppose 
that there exists a substitution i? such that, for i = 1,...,to, clause 7^ is of 
the form 77 <— c A di-d A Gl A Bid A Gr and, for every variable X in the set 
FV{di A Bi) — FV{K), the following conditions hold: (i) X-d is a variable not 
occurring in {H, c, Gl,Gr}, and (ii) Xi? does not occur in the term Yd, for any 
variable Y occurring in di A Bi and different from X. 

By folding clauses 71, ... , 7^ using clauses Si, . . . ,6„i we derive the clause 77: 
H ^ c /\ Gl /\ K-d A Gr and from program Pk we derive the program Pk+i = 
(Pfc-{7i,...,7„,})U{7,}. 

The following example illustrates an appHcation of rule R5. 

Example 5. Suppose that the following clauses belong to Pk'- 

71: h{X) ^ X>lAY^X-lAp(Y,l) 
72: hlx) ^ X>lAY = X + lA^q{Y) 

and suppose that the following clauses constitute the definition of a predicate 
new in Defs^.: 

5i: new{Z,G) ^V = Z-C Ap{V,C) 
82. newiZ,G) ^V = Z + C A^q{V) 

For d = {V/Y, Z/X, C/1}, we have that 71 = h{X) ^X>1A{V^Z~CA 
piV, C))d cmdj2 = h{X) ^ X>IA{V = Z+C A -^q{V))d, and the substitution 
■d satisfies Conditions (i) and (ii) of the positive folding rule. By folding clauses 
71 and 72 using clauses Si and S2 we derive: 
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rj: h{X) ^ X>1 A new{Z,l) 

R6. Negative Folding. Let 7 be a clause in Pk and let Defs'f. be a variant of 
Defsj^ without common variables with 7. Suppose that there exists a predicate 
in Defs'^. whose definition consists of a single clause 5 : K ^ d A A, where A is 
an atom. Suppose also that there exists a substitution 1) such that clause 7 is of 
the form: H ^ cAdi} AGl A -^A-ff A Gr and FV{K) = FV{d A A). 

By folding clause 7 using clause 6 we derive the clause rj: H ^ c A d-d A Gl A 
^K^AGr and from program Pk we derive the program P^+i = (Pfc— {7})U{77}. 

The following is an example of application of the negative folding rule. 

Example 6. Let the following clause belong to Pk'- 

7: h{X) ^ X>OAq{X) A^r{X,0) 
and let new be a predicate whose definition in Defs^ consists of the clause: 

6: newiX,C) ^ X>C Ar{X,C) 
By folding 7 using S we derive: 

7?: h{X) ^ X>OAq{X) A^new{X,0) 

The positive and negative folding rule are not fully symmetric for the following 
three reasons. 

(1) By positive folding we can fold several clauses at a time by using several 
clauses whose body may contain several literals, while by negative folding we 
can fold a single clause at a time by using a single clause whose body contains 
precisely one atom. This is motivated by the fact that a conjunction of more 
than one literal cannot occur inside negation in the body of a clause. 

(2) By positive folding, for i = 1, . . . , to, the constraint ddi occurring in the body 
of clause 7^ is removed, while by negative folding the constraint di? occurring in 
the body of clause 7 is not removed. Indeed, the removal of the constraint d'd 
would be incorrect. For instance, let us consider the program Pk of Example 
above and let us assume that 7 is the only clause defining the predicate h. Let 
us also assume that the predicates q and r are defined by the following two 
clauses: q{X) ^ X < and r{X,0) ^ X <O.We have that ^ M(Pfe). 
Suppose that we apply the negative folding rule to clause 7 and we remove the 
constraint X>0, thereby deriving the clause h{X) ^ q{X)A^new{X, 0), instead 
of clause ij. Then we obtain a program whose perfect model has the atom h{—l). 

(3) The conditions on the variables occurring in the clauses used for folding are 
less restrictive in the case of positive folding (see Conditions (i) and (ii) of R5) 
than in the case of negative folding (see the condition FV{K) = FV{d A A)). 
Notice that a negative folding rule where the condition FV{K) — FV{d A A) is 
replaced by Conditions (i) and (ii) of R5 would be incorrect, in general. To see 
this, let us consider the following example which may be viewed as the inverse 
derivation of Example ^ 

Example 7. Let us consider the following programs Pq, Pi, and P2, where Pi 
is obtained from Pq by definition introduction, and P2 is obtained from Pi by 
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incorrectly folding p ^ ~^'''{X) using q ^ r{Y). Notice that FV{q) FV{r{X)) 
but Conditions (i) and (ii) are satisfied by the substitution {Y/X}. 

Po: p^MX) Pi: p^MX) P2: p^^q 

r{X)^X = r{X)^X = r{X)^X = 

q ^ r{Y) q ^ r{Y) 

We have that: p G M{Pq) while p ^ M{P2). (We assume that the carrier of the 
interpretation for the constraints contains at least one element different from 0.) 



If we consider the folding and unfolding rules outside the context of a transfor- 
mation sequence, either rule can be viewed as the inverse of the other. However, 
given a transformation sequence Pq, . . . , Pn, it may be the case that from a pro- 
gram Pfe in that sequence we derive program Pk+i by folding, and from program 
Pfe+i we cannot derive by unfolding a program Pk+2 which is equal to Pk- This is 
due to the fact that in the transformation sequence Pq, . . . , Pk, Pk+i, in order to 
fold some clauses in program Pk, we may use clauses in Defsf. which are neither 
in Pk nor in Pk+i, while for unfolding program Pk+i we can only use clauses 
which belong to Pk+i - Thus, according to the terminology introduced in j22], we 
say that folding is, in general, not reversible. This fact is shown by the following 
example. 



Example 8. Let us consider the transformation sequence: 

Pq: p^q Pi: p^q P2: p ^ q Py. p ^ r 

q<- q^ q<- q <- 

r ^ q r <— r <— 

where Pi is derived from Pq by introducing the definition r ^ q, P2 is derived 
from Pi by unfolding the clause r ^ q, and P3 is derived from P2 by folding 
the clause p ^ q using the definition r ^ q. We have that from program P3 we 
cannot derive a program equal to P2 by applying the positive unfolding rule. 



Similarly, the unfolding rules are not reversible in general. In fact, if we derive a 
program Pk+i by unfolding a clause in a program Pk and we have that Defsj^ = 0, 
then we cannot apply the folding rule and derive a program Pk+2 which is equal 
to Pk, simply because no clause in DefSf, is available for folding. 

The following replacement rule can be applied to replace a set of clauses with 
a new set of clauses by using laws based on equivalences between formulas. In 
particular, we consider: (i) boolean laws, (ii) equivalences that can be proved 
in the chosen interpretation V for the constraints, and (iii) properties of the 
equality predicate. 

R7. Replacement Based on Laws. Let us consider the following rewritings 
Pi P2 between sets of clauses (we use Pi <^4> P2 as a shorthand for the two 
rewritings Pi P2 and P2 Pi). Each rewriting is called a law. 
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Boolean Laws 








(1) {H^ 


-cA AA^AAG} 









(2) {H^ 


- cAH AG} 









(3) {H^ 


- cAGi A A ^2 AG2} 




{if. 


- cAGi A A2 AAi AG2} 


(4) {H^ 


-cAAaAaG} 






- c A A A G} 




- c A Gi, 

- c A rf A Gi A G2} 






-cAGi} 




-cAAaG, 
-cA^AAG} 






- cAG} 



Laws of Constraints 

(7) {i? ^ c A G} ^ 

if the constraint c is unsatisfiable, that is, V ^ -'3(c) 

(8) {H ^ciAG} ^ {H '-C2A G} 

if P h V(3rci 3Zc2), where: 

(i) Y ^ FVici)-FV{{H,G}), and 

(ii) Z ^ FVic2)-FVi{H,G}) 

(9) {iJ ^ c A G} ^ {H ^ciAG, H ^C2A G} 

if P h V(c^ (ci VC2)) 

Laws of Equality 

(10) {(iJ ^ c A G){X/t}} ^ {H ^ X^tAcAG} 

if the variable X does not occur in the term t 
and t is free for X in c. 

Let A and F2 be sets of clauses such that: (i) Fi F2, and (ii) /2 is locally 
stratified w.r.t. the fixed local stratification function a. By replacement from Fi 
we derive F2 and from program we derive the program Pk+i ~ (Pfe — A)U/2. 

Condition (ii) on P2 is needed because a replacement based on laws (1), (2), 
(5), and (7), used from right to left, may not preserve local stratification. For 
instance, the first law may be used to introduce a clause of the form p <— p A -^p, 
which is not locally stratified. We will see at the end of Section^that if we add 
the reverse versions of the boolean laws (4) or (6), then the correctness result 
stated in Theorem does not hold. 

The following definition is needed for stating rule R8 below. The set of useless 
predicates in a program P is the maximal set U of predicate symbols occurring 
in P such that a predicate p is in C/ iff every clause 7 in Pe/(p, P) is of the 
form H ^ cAGi A q{. . .) A G2 for some q in U. For example, in the following 
program: 

p{X) ^ q{X) A MX) 

q{X)^p{X) 

r{X)^X>{) 

p and q are useless predicates, while r is not useless. 
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R8. Deletion of Useless Predicates. If p is a useless predicate in Pk, then 
from program Pk we derive the program Pk+i = Pk — Def{p, Pk). 

Neither of the rules R2 and R8 subsumes the other. Indeed, on one hand 
the definition of a predicate p on which no predicate of interest depends, can be 
deleted by rule R2 even if p is not useless. On the other hand, the definition of 
a useless predicate p can be deleted by rule R8 even if a predicate of interest 
depends on p. 

The constraint addition rule R9 which we present below, can be applied 
to add to the body of a clause a constraint which is implied by that body. 
Conversely, the constraint deletion rule RIO, also presented below, can be applied 
to delete from the body of a clause a constraint which is implied by the rest of 
the body. Notice that these implications should hold in the perfect model of 
program Pk, while the applicability conditions of rule R7 (see, in particular, the 
replacements based on laws 7-9) are independent of Pk- Thus, for checking the 
applicability conditions of rules R9 and RIO we may need a program analysis 
based, for instance, on abstract interpretation [T?i| . 

R9. Constraint Addition. Let 71 : H ^ cAG he a clause in Pk and let d be a 

constraint such that M{Pk) h V((c A G) ^ 3X d), where X = FV{d) ~ FV{ji). 
By constraint addition from clause 71 we derive the clause 72: H ^ c A d A G 
and from program Pk we derive the program Pk+i ~ {Pk — {71}) U {72}- 

The following example shows an application of the constraint addition rule 
that cannot be realized by applying laws of constraints according to rule R7. 

Example 9. Let us consider the following program Pk'- 

1. nat{Q) 

2. nat{N) ^ N = M + 1 A nat{M) 

Since M{Pk) h {nat{M) M > 0), we can add the constraint M > to 
the body of clause 2. This constraint addition improves the termination of the 
program when using a top-down strategy. 

RIO. Constraint Deletion. Let 71: i/<— cAdAGbea clause in Pk and 
let d be a constraint such that M{Pk) \= V((c A G) ^ 3Xd), where X = 
FV{d) - FV{H ^ c AG). Suppose that the clause 72 : ^ c A G is locally 
stratified w.r.t. the fixed a. By constraint deletion from clause 71 we derive clause 
72 and from program Pk we derive the program Pk+i = {Pk — {71}) U {72}- 

We assume that 72 is locally stratified w.r.t. a because otherwise, the con- 
straint deletion rule may not preserve local stratification. For instance, let us 
consider the following program P: 

p{X)^ 

p{X) ^ X^X A^p{X) 
P is locally stratified because for all elements d in the carrier of the interpretation 
V for the constraints, we have that V \^ d — d. We also have that M{P) \= 
VX {-^p{X) X ^ X). However, if we delete the constraint X ^ X from the 
second clause of P we derive the clause p{X) ^ ^p{X) which is not locally 
stratified w.r.t. any local stratification function. 
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4 Preservation of Perfect Models 



In this section we present some sufficient conditions which ensure that a trans- 
formation sequence constructed by applying the transformation rules listed in 
Sectional preserves the perfect model semantics. 

We will prove our correctness theorem for admissible transformation se- 
quences, that is, transformation sequences constructed by applying the rules 
according to suitable restrictions. The reader who is familiar with the program 
transformation methodology, will realize that most transformation strategies 
can, indeed, be realized by means of admissible transformation sequences. In 
particular, all examples of Sectional are worked out by using this kind of trans- 
formation sequences. 

We proceed as follows, (i) First we show that the transformation rules pre- 
serve local stratification, (ii) Then we introduce the notion of an admissible 
transformation sequence, (iii) Next we introduce the notion of a proof tree for a 
ground atom A and a program P and we show that A e M{P) iff there exists a 
proof tree for A and P. Thus, the notion of proof tree provides the operational 
counterpart of the perfect model semantics, (iv) Then, we prove that given any 
admissible transformation sequence Pq, . . . ,Pn, any set Predmt of predicates of 
interest, and any ground atom A whose predicate is in Predmt, we have that for 
fc = 0, . . . , n, there exists a proof tree for A and Pk iff there exists a proof tree 
for A and Pq U Defs^. (v) Finally, by using the property of proof trees considered 
at Point (iii) , we conclude that an admissible transformation sequence preserves 
the perfect model semantics (see Theorem EJ. 

Let us start off by showing that the transformation rules preserve the lo- 
cal stratification function tr which was fixed for the initial program Pq at the 
beginning of the construction of the transformation sequence. 

Proposition 1. [Preservation of Local Stratification]. Let Pq be a locally strat- 
ified program, let a : B-p W be a local stratification function for Pq, and let 
Po, . . . , P,i be a transformation sequence using a. Then the programs Pq, . . . , Pn, 
and Pq U Defs^^ are locally stratified w.r.t. a. 

The proof of Proposition is given in Appendix A. 

An admissible transformation sequence is a transformation sequence that 
satisfies two conditions: (1) every clause used for positive folding is unfolded 
w.r.t. a positive literal, and (2) the definition elimination rule cannot be applied 
before any other transformation rule. An admissible transformation sequence is 
formally defined as follows. 

Definition 2. [Admissible Transformation Sequence] A transformation sequence 
Pq, . . . , Pn is said to be admissible iff the following two conditions hold: 
(1) for fc = 0, . . . , n—1, if Pk+i is derived from Pk by applying the positive folding 
rule to clauses 71, ... , 7™ using clauses Si, ... ,6m, then for i — 1, . . . , m there 
exists j , with <j <n, such that Si G Pj and program Pj+i is derived from Pj 
by positive unfolding of clause Si, and 
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(2) if for some m<n, Pm+i is derived from Pm by the definition elimination rule 
then for all k = m, . . . , n — l, Pk+i is derived from Pk by applying the definition 
elimination rule. 

When proving our correctness theorem (see Theorem El below) , we will find it 
convenient to consider transformation sequences which are admissible and satisfy 
some extra suitable properties. This motivates the following notion of ordered 
transformation sequences. 

Definition 3. [Ordered Transformation Sequence] A transformation sequence 
Pq, . . . , P„ is said to be ordered iff it is of the form: 

Pq 1 • • • 1 Pi 7 • ■ ■ ; Pj 7 • ■ ■ 1 Pm 5 ■ ■ ■ ; Pn 

where: 

(1) the sequence Pq, ■ ■ . ,Pi, with i>0, is constructed by applying i times the 
definition introduction rule, that is, Pi ^ PqU Defs^; 

(2) the sequence Pi, . . . ,Pj is constructed by unfolding w.r.t. a positive literal each 
clause in Defsi which is used for applications of the folding rule in Pj, . . . , Pm ; 

(3) the sequence Pj,- - ■ ,Pm, with j < m, is constructed by applying any rule, 
except the definition introduction and definition elimination rules; and 

(4) the sequence Pm, ■ • ■ , Pn, with m<n, is constructed by applying the definition 
elimination rule. 

Notice that in an ordered transformation sequence we have that Defs^ = Defs^. 
Every ordered transformation sequence is admissible, because of Points (2) and 
(4) of Definitional Conversely, by the following Proposition[2l in our correctness 
proofs we will assume, without loss of generality, that any admissible transfor- 
mation sequence is ordered. 

Proposition 2. For every admissible transformation sequence Pq, . . . , P„, there 
exists an ordered transformation sequence Qq, - --,Qr (with r possibly different 
from n), such that: (i) Po = Qo, (H) Pn = Qr, and (Hi) the set of definitions 
introduced during Pq, - - - ,Pn is equal to the set of definitions introduced during 
Qo, . . - ,Qr. 

The easy proof of Proposition [3 is omitted for reasons of space. It is based 
on the fact that the applications of some transformation rules can be suitably 
rearranged without changing the initial and final programs in a transformation 
sequence. 

Now we present the operational counterpart of the perfect model semantics, 
that is, the notion of a proof tree. A proof tree for a ground atom A and a locally 
stratified program P is constructed by transfinite induction as indicated in the 
following definition. 

Definition 4. [Proof Tree] Let A be a ground atom, P be a locally stratified 
program, and a be any local stratification for P. Let PT^a be the set of proof 
trees for ground atoms B and P with cr{B) < a{A). A proof tree for A and P is 
a finite tree T of goals such that: (i) the root ofT is A, (ii) a node N of T has 
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children Li, . . . ,Lr iffN is a ground atom B and there exists a clause "f d P and 
a valuation v such that v{'y) is B ^ c A Li A . . . A Lr and V c, and (Hi) every 
leaf of T is either the empty conjunction true or a negated ground atom -^B such 
that there is no proof tree for B and P in PT^a- 

The following theorem establishes that the operational semantics based on proof 
trees is equivalent to the perfect model semantics. 

Theorem 2. [Proof Trees and Perfect Models] Let P be a locally stratified 
program. For all ground atoms A, there exists a proof tree for A and P iff A G 
M{P). 

Our proofs of correctness use induction w.r.t. suitable well-founded measures 
over proof trees, ground atoms, and ground goals (see, in particular, the proofs of 
Propositions|S|and[3in Appendices B and C). We now introduce these measures. 

Let T be a proof tree for a ground atom A and a locally stratified program 
P. By size{T) we denote the number of atoms occurring at non-leaf nodes of T. 
For any ground atom A, locally stratified program P, and local stratification a 
for P, we define the following measure: 

fJ.{A, P) — miniex{{o'iA), size{T)) | T is a proof tree for A and P} 

where miniex denotes the minimum w.r.t. the lexicographic ordering <iex over 
W y. N , where W is the set of countable ordinals and N is the set of natural 
numbers. ix{A, P) is undefined if there is no proof tree for A and P. The measure 
jjL is extended from ground atoms to ground literals as follows. Given a ground 
literal L, we define: 

/x(L, P) = if L is an atom A then ^{A, P) 

else if L is a negated atom ^A then {(t{A),0) 
Now we extend /i to ground goals. First, we introduce the binary, associative 
operation ® : {W x N)^ — > (W x N) defined as follows: 

(ai,mi) © (a2,'7i2) = {max{ai,a2), mi+m2) 
Then, given a ground goal ii A . . . A L„, we define: 
a ... a Ln, P) = n{Li,P) © ... © fl{Ln, P) 
The measure /i is well-founded in the sense that there is no infinite sequence of 
ground goals Gi, G2, . . . such that /i(Gi, P) > n{G2, P) > . . . 

In order to show that an ordered transformation sequence Pq, . . . , Pi, . . . , 
Pj, . . . , P„i, . . . ,Pn (where the meaning of the subscripts is the one of Defini- 
tion preserves the perfect model semantics, we will use Theorem |2l and we 
will show that, for A: = 0, . . . , n, given any ground atom A whose predicate be- 
longs to the set Predmt of predicates of interest, there exists a proof tree for A 
and Pfc iff there exists a proof tree for A and Pq U Defs^^. Since P^ = Po U Defs„, 
it is sufficient to show the following properties, for any ground atom A: 

(PI) there exists a proof tree for A and Pi iff there exists a proof tree for A and 

Pj, 

(P2) there exists a proof tree for A and Pj iff there exists a proof tree for A and 
Pm, and 
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(P3) if the predicate of A is in Predint , then there exists a proof tree for A and 
Pm iff there exists a proof tree for A and P„ . 

Property PI is proved by the fohowing proposition. 

Proposition 3. Let Pq be a locally stratified program and let Po, ■ ■ ■ , Pi, ■ ■ ■ , 

Pj, . . . ,Pm, ■ ■ ■ , Pn be an ordered transformation sequence. Then there exists a 
proof tree for a ground atom A and Pi iff there exists a proof tree for A and Pj . 

The proof of Proposition El is given in Appendix B. It is a proof by induction on 
a{A) and on the size of the proof tree for A. 

In order to prove the only-if part of Property P2, we will show a stronger 
invariant property based on the following consistency notion. 

Definition 5. [Pj -consistency] Let Pq, . . . , Pi, . . . , Pj, . . . , Pm, . . . , P„ be an or- 
dered transformation sequence, Pk be a program in this sequence, and A be a 
ground atom. We say that a proof tree T for A and Pk is Pj -consistent iff 
for every ground atom B and ground literals Li, . . . ,Lr, if B is the father of 
Li, . . . ,Lr in T, then fJ.{B, Pj) > /x(Li A ... A L^, Pj). 

The invariant property is as follows: for every program Pk in the sequence 
Pj,. . . , Pm, if there exists a Pj-consistent proof tree for A and Pj, then there 
exists a P, -consistent proof tree for A and Pk. 

It is important that Pj -consistency refers to the program Pj obtained by 
applying the positive unfolding rule to each clause that belongs to Defs^ and 
is used in Pj, . . . , P™ for a folding step. Indeed, if the positive unfolding rule is 
not applied to a clause in Defs^, and this clause is then used (possibly, together 
with other clauses) in a folding step, then the preservation of Pj-consistent proof 
trees may not be ensured and the transformation sequence may not be correct. 
This is shown by Example ^ of the Introduction where we assume that the first 
clause p{X) ^ ^q{X) of Po has been added by the definition introduction rule 
in a previous step. 

We have the following. 

Proposition 4. // there exists a proof tree for a ground atom A and program 
Pj then there exists a Pj-consistent proof tree for A and Pj. 

Proof. Let T be a proof tree for A and Pj such that {cr{A), size{T)) is minimal 
w.r.t. <iex- Then T is Pj-consistent. □ 

Notice that in the proof of Proposition^we state the existence of a Pj -consistent 
proof tree for a ground atom A and program Pj without providing an effective 
method for constructing this proof tree. In fact, it should be noticed that no 
effective method can be given for constructing the minimal proof tree for a given 
atom and program, because the existence of such a proof tree is not decidable 
and not even semi-decidable. 

By Proposition 21 in order to prove Property P2 it is enough to show the 
following Proposition El 



21 



Proposition 5. Let Pq be a locally stratified program and let Pq, . . . , Pi, . . . , 
Pj, . . . , P„i, . . . , Pn be an ordered transformation sequence. Then, for every ground 
atom A we have that: 

(Soundness) if there exists a proof tree for A and Pm, then there exists a proof 
tree for A and Pj , and 

(Completeness) if there exists a Pj- consistent proof tree for A andPj, then there 
exists a Pj -consistent proof tree for A and Pm- 

The proof of Proposition |3 is given in Appendix C. 

In order to prove Property P3, it is enough to prove the following Propo- 
sition El which is a straightforward consequence of the fact that the existence 
of a proof tree for a ground atom with predicate p is determined only by the 
existence of proof trees for atoms with predicates on which p depends. 

Proposition 6. Let P be a locally stratified program and let Predmt be a set 
of predicates of interest. Suppose that program Q is derived from program P 
by eliminating the definition of a predicate q such that no predicate in Predint 
depends on q. Then, for every ground atom A whose predicate is in Predmt, 
there exists a proof tree for A and P iff there exists a proof tree for A and Q. 

Now, as a consequence of Propositions QJIHI and Theorem|2l we get the following 
theorem which ensures that an admissible transformation sequence preserves the 
perfect model semantics. 

Theorem 3. [Correctness of Admissible Transformation Sequences] Let Pq be 
a locally stratified program and let Pq,. .. ,Pn be an admissible transformation 
sequence. Let Predmt be the set of predicates of interest. Then Pq U Defs^ and 
Pn are locally stratified and for every ground atom A whose predicate belongs to 
Predmt, A e M(Po U Pe/s„) iff A ^ M{Pn). 

This theorem does not hold if we add to the boolean laws Hsted in rule R7 of 
Sectional the inverse of law (4), as shown by the following example. 

Example 10. Let us consider the following transformation sequence: 
Pq: p^q^q Pi: p ^ q P2: p ^ q A q P3: p p 

q^ q^ q^ q <~ 

We assume that the clause for p in Pq is added to Pq by the definition introduc- 
tion rule, so that it can be used for folding. Program Pi is derived from Pq by 
unfolding, program P2 is derived from Pi by replacement based on the reverse 
of law (4), and finally, program P3 is derived by folding the first clause of P2 
using the first clause of Pq. We have that p € M{Pq), while p ^ M(P3). 

Analogously, the reader may verify that Theorem 13 does not hold if we add to 
the boolean laws of rule R7 the inverse of law (6) . 
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5 Examples of Use of the Transformation Rules 

In this section we show some program derivations realized by applying the trans- 
formation rules of Section These program derivations are examples of the 
following three techniques: (1) the determinization technique, which is used for 
deriving a deterministic program from a nondeterministic one [14"33', (2) the 
program synthesis technique, which is used for deriving a program from a first 
order logic specification (see, for instance, |18I4H and [H] in this book for a recent 
survey), and (3) the program specialization technique, which is used for deriving 
a specialized program from a given program and a given portion of its input 
data (see, for instance, j2l] and j2l] for a recent survey). 

Although we will not provide in this paper any automatic transformation 
strategy, the reader may reaHze that in the examples we will present, there 
is a systematic way of performing the program derivations. In particular, we 
perform all derivations according to the repeated application of the following 
sequence of steps: (i) first, we consider some predicate definitions in the initial 
program or we introduce some new predicate definitions, (ii) then we unfold these 
definitions by applying the positive and, possibly, the negative unfolding rules, 
(iii) then we manipulate the derived clauses by applying the rules of replacement, 
constraint addition, and constraint deletion, and (iv) finally, we apply the folding 
rules. The final programs are derived by applying the definition elimination rule, 
and keeping only those clauses that are needed for computing the predicates of 
interest. 

5.1 Determinization: Comparing Even and Odd Occurrences of a 
List 

Let us consider the problem of checking whether or not, for any given list L 
of numbers, the following property r(L) holds: every number occurring in L in 
an even position is greater or equal than every number occurring in L in an 
odd position. The locally stratified program EvenOdd shown below, solves the 
given problem by introducing a new predicate p{L) which holds iff there is a pair 
(X, Y) of numbers such that X occurs in the the list L in an even position, Y 
occurs in L in an odd position, and X <Y. Thus, for any list L, the property 
r{L) holds iff p{L) does not hold. 

EvenOdd: 

1. r(L) ^ list{L) A ^p{L) 

2. p{L) ^ I>1AJ>1AX<YA 

occMrs{X, I, L) A even{I) A occurs{Y, J, L) A -^even(J) 

3. even{X) ^ X = 

4. even{X + l) ^ X>0 A^eveTi{X) 

5. occursiX,I,[H\T]) ^ 1^1 AX = H 

6. occurs{X,I+l, [H\T]) ^ I>IA occurs{X,LT) 

7. list{[]) ^ 

8. listl[H\T]) ^ list{T) 
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In this program occurs{X, I , L) holds iff X is the I-th element (with / > 1) of 
the Hst L starting from the left. When executed by using SLDNF resolution, this 
EvenOdd program may generate, in a nondeterministic way, all possible pairs 
{X,Y), occurring in even and odd positions, respectively. This program has an 
O(n^) time complexity in the worst case, where n is the length of the input list. 

We want to derive a more efficient definite program that can be executed 
in a deterministic way, in the sense that for every constrained goal c A A A G 
derived from a given ground query by LD-resolution there exists at most one 
clause H ^ d A K such that c A A = H A d is satisfiable. 

To give a sufficient condition for determinism we need the following notion. 
We say that a variable X is a local variable of a clause 7 iff X e FV{bd{'j)) — 
FV{hd{j)). The determinism of a program P can be ensured by the following 
syntactic conditions: (i) no clause in P has local variables and (ii) any two 
clauses Hi ^ ci A Gi and H2 ^ C2 A G2 in P are mutually exclusive, that is, 
the constraint Hi —H2 A ci A C2 is unsatisfiable. 

Our derivation consists of two transformation sequences. The first sequence 
starts from the program made out of clauses 2-8 and derives a deterministic, 
definite program Q for predicate p. The second sequence starts from QU{1} and 
derives a deterministic, definite program EvenOdddet for predicate r. 

Let us show the construction of the first transformation sequence. Since 
clause 2 has local variables, we want to transform it into a set of clauses that 
have no local variables and are mutually exclusive, and thus, they will constitute 
a deterministic, definite program. We start off by applying the positive unfolding 
rule to clause 2, followed by appHcations of the replacement rule based on laws 
of constraints and equality. We derive: 

9. pi[A\L]) ^ J>1 AY<AA occurs{Y,J,L) A even{J+l) 

10. p{[A\L]) ^ I>1 A J>1 A X <Y A occurs{X, I, L)A 

even{I+l) A occurs{Y, J, L) A -^even{J +1) 

Now, by applications of the positive unfolding rule, negative unfolding, and re- 
placement rules, we derive the following clauses for p: 

11. p{[A,B\L]) ^B<A 

12. p{[A,B\L]) B>AAI>1 AX<AA occurs{X, I , L) A even{I) 

13. p{[A,B\L]) ^ B>AAI>IAB<X A occurs{X, I , L) A ^even{I) 

14. p{[A,B\L]) ^ B>AAI>1 AJ>\ A X <Y Aoccurs{X, I , L) Aeven{I)A 

occurs{Y, J, L) A -^even{J) 

Notice that the three clauses 12, 13, and 14, are not mutually exclusive. In 
order to derive a deterministic program for p, we introduce the following new 
definition: 

15. newl{A, B,L)^I>lAX<AA occurs{X,I, L) A even{I) 

16. newl{A,B,L) I>\ A B<X A occurs{X, I , L) A -^even{I) 

17. newl{A,B,L) ^ I>1A J>1 A X <Y A occurs{XJ,L) A even{I)A 

occurs{Y, J, L) A ^even{J) 
and we fold clauses 12, 13, and 14 by using the definition of newl, that is, clauses 
15, 16, and 17. We derive: 
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18. p{[A,B\L]) ^ B>AAnewl{A,B,L) 

Clauses 11 and 18 have no local variables and are mutually exclusive. We are left 
with the problem of deriving a deterministic program for the newly introduced 
predicate newl. 

By applying the positive unfolding, negative unfolding, and replacement 
rules, from clauses 15, 16, and 17, we get: 

19. newl{A,B,[C\L]) ^ B<C 

20. newliA, B, [C\L]) ^ I>1AB<X A occurs{X, I, L) A even{I) 

21. neAul{A,B, [C\L]) ^ I>1 AX<AA occurs{X,I,L) A^even{I) 

22. newllA,B, [C\L]) ^ I >1 A X <C A occurs{X, I, L) A -neven{I) 

23. newl{A,B, [C\L]) ^ I>1 A J>1 A X <Y A occurs{X,I, L)A 

^even{I) A occurs{Y, J, L) A even{J) 
In order to derive mutually exclusive clauses without local variables we first ap- 
ply the replacement rule and derive sets of clauses corresponding to mutually 
exclusive cases, and then we fold each of these sets of clauses. We use the re- 
placement rule based on law (5) and law (9) which is justified by the equivalence: 
VXVr (trwe ^ X >Y W X <Y). We get: 

24. newl{A,B,[C\L]) ^ B<C 

25. newliA, B, [C\L]) ^ B>C A A>C A I>1 A B <X A 

occurs{X, I, L) A even{I) 

26. newliA,B,[C\L]) ^ B>C A A>C A I>1 A X <AA 

occurs(X, /, L) A -^even{I) 

27. newl{A,B,[C\L\) ^ B>C A A>C A I>1 A J>1 A X <Y A 

occurs{X, I, L) A ^even{T)A 
occurs (Y, J, L) A even(J) 

28. newl{A,B,[C\L]) ^ B>C A A<C A I>1 A B <XA 

occurs{X, /, L) A even{I) 

29. newl{A,B,[C\L]) ^ B>C A A<C A I>1 AX <C A 

occurs{X, /, L) A -ieven{I) 

30. newl{A,B,[C\L]) ^ B>C A A<C A I>1 A J>1 A X <Y A 

occurs{X, I, L) A -^even{I)A 
occurs(Y, J, L) A even( J) 

The three sets of clauses: {24}, {25, 26, 27}, and {28, 29, 30} correspond to 
the mutually exclusive cases: {B <C), [B >C A A>C), and {B>C A A< 
C), respectively. Now, in order to fold each set {25, 26, 27} and {28, 29, 30} 
and derive mutually exclusive clauses without local variables, we introduce the 
following new definition: 

31. new2{A,B,L) ^ I>lAB<X A occurs{X, I , L) A even{I) 

32. new2{A, B,L)^I>1AX<AA occurs{X, I, L) A -^even{T) 

33. new2{A, B, L) ^ I>1 A J>1 A X <Y A occurs{X, I, L) A -^even{I)A 

occurs (Y, J, L) A even{J) 
By folding clauses 25, 26, 27 and 28, 29, 30 using clauses 31, 32, and 33, for 
predicate newl we get the following mutually exclusive clauses without local 
variables: 
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34. newl{A,B,[C\L]) ^ B<C 

35. newllA,B, [C\L]) ^ B>C A A>C A new2{A, B, L) 

36. newl{A,B, [C\L]) ^ B>C A A<C A new2{C, B, L) 
Unfortunately, the clauses for the new predicate new2 have local variables and 
are not mutually exclusive. Thus, we continue our derivation and, by applying 
the positive unfolding, negative unfolding, replacement, and folding rules, from 
clauses 31, 32, and 33 we derive the following clauses (this derivation is similar 
to the derivation that lead from {15, 16, 17} to {34, 35, 36} and we omit it): 

37. new2{A,B,[C\L]) ^ C<A 

38. new2{A,B,[C\L]) ^ C>A A B>C A newl{A,C\ L) 

39. new2{A,B,[C\L]) ^ C>A A B <C A newl{A, B, L) 

The set of clauses derived so far starting from the initial clause 2, that is, {11, 
18, 34, 35, 36, 37, 38, 39} constitutes a deterministic program for p, call it Q. 

Now we construct the second transformation sequence starting from Q U {1} 
for deriving a deterministic, definite program for r. We start off by considering 
clause 1 which defines r and, by positive unfolding, negative unfolding, and 
replacement we derive: 

40. r([])^ 

41. r{[A])^ 

42. r{[A,B\L]) ^ Ust{L) A B>A A ^newl{A, B, L) 
By introducing the following definition: 

43. new3{A,B,L) ^ list{L) A B>A A ^newl{A, B, L) 

and then folding clause 42 using clause 43, we derive the following definite 
clauses: 

44. r([])^ 

45. r{[A]) ^ 

46. r{[A,B\L]) ^ B>AAnew3{A,B,L) 

Now, wc want to transform clause 43 into a set of definite clauses. By positive 
unfolding, negative unfolding, and replacement, from clause 43 we derive: 

47. new3{A,B,[]) ^ B>A 

48. newSiA, B, [C\L]) ^ B>C A A<C A list{L) AB>C A ^new2(C, B, L) 

49. new3(A, B, [C\L]) ^ B>C A A>C A list{L) AB>AA ^new2{A, B, L) 

In order to transform clauses 48 and 49 into definite clauses, we introduce the 
following definition: 

50. newA{A, B, L) ^ list{L) AB>AA ^new2{A, B, L) 
and we fold clauses 48 and 49 using clause 50. We get: 

51. new3{A,B,[]) B>A 

52. ne'w3{A,B\c\L]) ^ B>C AA<C AnewA{C,B,L) 

53. new3(AS, [C|i]) ^ B>C A A>C AnewA{A,B,L) 

Now we are left with the task of transforming clause 50 into a set of definite 
clauses. By applying the positive unfolding, negative unfolding, replacement, 
and folding rules, we derive: 
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54. new4:{A,B,[]) ^ B>A 

55. newAlA,B,[C\L]) ^ B <C A C>A A new3{A, B, L) 

56. new4:lA,B, [C\L]) ^ B>C A C >A A new3{A, C, L) 

Finally, by eliminating the definitions of the predicates on which r does not 
depend, we get, as desired, the following final program which is a deterministic, 
definite program. 

EvenOdddet-' 

44. r([])^ 

45. r{[A]) ^ 

46. r{[A,B\L]) ^ B>AAnew3{A,B,L) 

51. new3{A,B, []) <- B>A 

52. new3lA,B,[C\L]) ^ B>C A A<C AnewA{C,B,L) 

53. newi{A,B, [C\L]) ^ B>C A A>C A newA{A, B, L) 

54. new4:{A,B, []) B>A 

55. newAlA,B,[C\L]) ^ B <C A C >A A new3{A, B, L) 

56. newA{A,B, [C\L]) ^ B>C A C >A A new3{A, C, L) 

Given a list of numbers L of length n, the EvenOdddet program checks that r(L) 
holds by performing at most 2n comparisons between numbers occurring in L. 
Program EvenOdddet works by traversing the input list L only once (without 
backtracking) and storing, for every initial portion Li of the input list L, the 
maximum number A occurring in an odd position of Li and the minimum num- 
ber B occurring in an even position of Li (see the first two arguments of the 
predicates newS and new4) . When looking at the first element C of the portion 
of the input list still to be visited (i.e., the third argument of new3 or newi), 
the following two cases are possible: either (Case 1) the element C occurs in an 
odd position of the input list L, i.e., a call of the form new3{A,B, [C\L2]) is 
executed, or (Case 2) the element C occurs in an even position of the input list 
L, i.e., a call of the form new4:{A, B, [C\L2]) is executed. In Case (1) program 
EvenOdddet checks that B>C holds and then updates the value of the maxi- 
mum number occurring in an odd position with the maximum between A and C. 
In Case (2) program EvenOdddet checks that C>A holds and then updates the 
value of the minimum number occurring in an even position with the minimum 
between B and C. 

5.2 Program Synthesis: The N-queens Problem 

The A'^-queens problem has been often considered in the literature for present- 
ing various programming techniques, such as recursion and backtracking. We 
consider it here as an example of the program synthesis technique, as it has 
been done in 01]. Our derivation is different from the one presented in |4T, be- 
cause the derivation in ^] makes use of the unfold/fold transformation rules for 
definite programs together with an ad hoc transformation rule (called negation 
technique) for transforming general programs (with negation) into definite pro- 
grams. In contrast, we use unfold/fold transformation rules for general programs, 
and in particular, our negative unfolding rule of Sectional 
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The iV-queens problem can be informally specified as follows. We are required 
to place N{>0) queens on an TV x chess board, so that no two queens attack 
each other, that is, they do not He on the same row, column, or diagonal. A 
board configuration with this property is said to be safe. By using the fact that 
no two queens should lie on the same row, we represent an iV x TV chess board 
as a list L of N positive integers: the A:-th element on L represents the column 
of the queen on row k. 

In order to give a formal specification of the TV-queens problem we follow the 
approach presented in [221; which is based on first order logic. We introduce the 
following constraint logic program: 

P : nat{Q) ^ 

nat{N) ^ N = M + 1 A M>0 A nat{M) 
nat-list{[]) ^ 

nat-list{[H\T]) ^ nat{H) A natJ,ist{T) 
length{[\,Q) ^ 

length ([H\T], N) ^ N = M + 1 A M >0 A length(T, M) 
member{X, [H\T]) ^ X = H 
member{X, [H\T]) member{X,T) 
in^range {X, M, N) ^ X ^ N A M <N 

in^range{X,M,N) ^ N = K + lAM<K A in^range{X,M,K) 
occurs{XJ, [H\T]) ^ I^IAX^H 
occurs\xj+l, [H\T]) ^ />1 A occurs{X, I ,T) 

and the following first order formula: 

ip{N, L) : nat{N) A nat-list{L)A (1) 
length{L, N) A WX {member{X, L) in^range{X, 1, N))A (2) 
WA,B,M,N {{1<M A M <N Aoccurs{A, L) A occurs {B,N,L)) (3) 
{A^B AA-B^N-M AB-A^N-M)) (4) 

In the above program and formula in^range{X, M, N) holds iff X G {M, M + 1, 
. . . , N} and A^>0. The other predicates have been defined in previous programs 
or do not require explanation. Now we define the relation queens{N, L) where 
TV is a nonnegative integer and L is a list of positive integers, as follows: 

queens{N,L) iff M (P) \^ ip{N , L) 

Line (2) of the formula (p{N, L) above specifies a chess board as a list of TV 
integers each of which is in the range [1, . . . , A^]. If = the list is empty. 
Lines (3) and (4) of ^p{N, L) specify the safety property of board configurations. 
Now, we would like to derive a constraint logic program R which computes the 
relation queens{N, L), that is, R should define a predicate queens{N,L) such 
that: 

(tt) M{R) h= queens{N, L) iff M{P) h= ^{N, L) 

Following the approach presented in we start from the formula (called a 
statement) queens{N, L) ^ (p{N,L) and, by applying a variant of the Lloyd- 
Topor transformation |2^, we derive the following stratified logic program: 
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F : 1. queens{N,L) ^ nat{N) A natJist{L) A length{L,N)A 
-^auxl[L, N) A ^aux2{L) 

2. aux\{L, N) <— member(X, L) A -^in-range{X, 1, N) 

3. aux2lL) ^ 1<K AK<MA 

-^{A^B A A-B^M-K A B-A^M-K)A 
occurs{A, K, L) A occurs{B, M, L) 

This variant of the Lloyd- Topor transformation is a fully automatic transforma- 
tion, but it cannot be performed by using our transformation rules, because it 
operates on first order formulas. It can be shown that this variant of the Lloyd- 
Topor transformation preserves the perfect model semantics and, thus, we have 
ih&i: M{PiJF)'^ queens{N,L) iff M{P) ^ ip{N, L). 

The derived program P U is not very satisfactory from a computational 
point of view because, when using SLDNF resolution with the left-to-right se- 
lection rule, it may not terminate for calls of the form queens{n, L) where n is a 
nonnegative integer and L is a variable. Thus, the process of program synthesis 
proceeds by applying the transformation rules listed in Section 1^1 thereby trans- 
forming program PUF into a program R such that: (i) Property (tt) holds, (ii) R 
is a definite program, and (iii) R terminates for all calls of the form queens{n, L), 
where n is any nonnegative integer and L is a variable. Actually, the derivation of 
the final program R is performed by constructing two transformation sequences: 
(i) a first one, which starts from the initial program P, introduces clauses 2 and 
3 by definition introduction, and ends with a program Q, and (ii) a second one, 
which starts from program Q, introduces clause 1 by definition introduction, and 
ends with program R. 

We will illustrate the application of the transformation rules for deriving 
program R without discussing in detail how this derivation can be performed in 
an automatic way using a particular strategy. As already mentioned, the design 
of suitable transformation strategies for the automation of program derivations 
for constraint logic programs, is beyond the scope of the present paper. 

The program transformation process starts off from program P U {2, 3} by 
transforming clauses 2 and 3 into a set of clauses without local variables, so that 
they can be subsequently used for unfolding clause 1 w.r.t. ^auxl{L, N) and 
-^aux2{L) (see the negative unfolding rule R4). 

By positive unfolding, replacement, and positive folding, from clause 2 we 
derive: 

4. auxl{[H\T],N) ^ -^in^range{X, 1, N) 

5. auxl{[H\TiN) ^ auxl(T,N) 

Similarly, by positive unfolding, replacement, and positive folding, from clause 
3 we derive: 

6. aux2{[A\T]) ^ M >1 A ^{A=^ B A A- B ^ M A B- A^ M)A 

occurs{B, M, T) 

7. aux2{[A\T]) ^ aux2{T) 

In order to eliminate the local variables B and M occurring in clause 6, by the 
definition introduction rule we introduce the following new clause, whose body 
is a generaHzation of the body of clause 6: 
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8. newl{A,T,K)^ M>lA^{Aj^B AA-Bj^M+K AB-Aj^M+K)A 

occurs{B,M, T) 

By replacement and positive folding, from clause 6 we derive: 

6f. aux2{[A\T]) ^ newl{A,T,0) 

Now, by positive unfolding, replacement, and positive folding, from clause 8 we 
derive: 

9. newl{A,[B\T],K) 4- -n{Aj^ B A A- B ^ K + 1 A B -Ay^ K +1) 

10. newl{A, [B\T], K) ^ newl{A, T, K+1) 

The program, call it Q, derived so far is P U {4, 5, 6f, 7, 9, 10}, and clauses 4, 5, 
6f, 7, 9, and 10 have no local variables. 

Now we construct a new transformation sequence which takes Q as initial 
program. We start off by applying the definition introduction rule and adding 
clause 1 to program Q. Our objective is to transform clause 1 into a set of definite 
clauses. We first apply the definition rule and we introduce the following clause, 
whose body is a generalization of the body of clause 1: 

11. new2{N, L, K) <- nat{M) A natJist{L) A length{L, M)A 

^auxl{L,N) A -^aux2{L) AN = M+K 

By replacement and positive folding, from clause 11 we derive: 

If. queens{N, L) ^ new2{N, L, 0) 

By positive and negative unfolding, replacement, constraint addition, and posi- 
tive folding, from clause 11 we derive: 

12. new2{N,[],K) ^ N = K 

13. new2{N, [H\T], K) ^ N>K+1A new2{N, T, K + \)A 

nat{H) A nat-list{T) A in-range{H, 1, N)A 
-^newl{H,T, 0) 

In order to derive a definite program we introduce a new predicate new3 defined 
by the following clause: 

14. new3{A, T, N, M) nat{A) A nat-list{T) A in-range{A, 1, N)A 

^newliA,T, M) 

We fold clause 13 using clause 14 and we derive the following definite clause: 

13f. new2{N, [H\T],K) ^ N>K+1A new2{N,T, K + 1) A new3{H,T, N,0) 

By positive and negative unfolding, replacement, and positive folding, from 
clause 14 we derive the following definite clauses: 

15. new3{A, [],N, M) ^- in-range{A, 1, N) A nat{A) 

16. new3{A,[B\T],N,M) ^ A^B AA-B^M+lAB-Ay^M + lA 

nat{B) A neAu3{A, T, TV, M + 1) 

Finally, by assuming that the set of predicates of interest is the singleton {queens}, 
by definition elimination we derive the following program: 
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R: If. queens{N, L) ^ new2{N, L, 0) 
12. new2{N,[],K) ^ N = K 

13f. new2(iV, [H\T],K) N>K + l^ new2{N, T, K+1) A new3{H, T, iV, 0) 

15. new3{A, [],N,M) ^ in_range{A, 1, iV) A nat{A) 

16. new;3(^, [B|r], TV, Af ) ^ A^^B A ^-B^ A/ + 1 A B-yl^^ Af + 1 A 

nai(B) A new3(A, T, N,M + 1) 

together with the clauses for the predicates in -range and nat. 

Program i? is a definite program and, by TheoremEl we have that M{R) \= 
queens{N,L) iS M{PUFUDefs) ^ queens{N,L), where FUDefs is the set of all 
clauses introduced by the definition introduction rule during the transformation 
sequences from P to R. Since queens does not depend on Defs in PU FU Defs, 
we have that M{R) \= queens{N,L) iff M{P U F) \^ queens{N,L) and, thus. 
Property (tt) holds. Moreover, it can be shown that R terminates for all calls of 
the form queens{n, L), where n is any nonnegative integer and L is a variable. 

Notice that program R computes a solution of the A'^-queens problem in a 
clever way: each time a queen is placed on the board, program R checks that it 
does not attack any other queen already placed on the board. 

5.3 Program Specialization: Derivation of Counter Machines from 
Constrained Regular Expressions 

Given a set M of variables ranging over natural numbers, a set C of constraints 
over natural numbers, and a set K of identifiers, we define a constrained regular 
expression e over the alphabet {a, b} as follows: 

e ::= a | 6 | ei • 62 | ei + 62 | e^A^ | not{e) \ k 

where N e M and k G K. An identifier fc e if is defined by a definition of 
the form k = (c : e), where c S C and e is a constrained regular expression. 
For instance, the set {a™5" | to = n > 0} of strings in {a, b}* is denoted by the 
identifier k which is defined by the following definition: 
k = {M = N : (a^'M-b^N)). 

Obviously, constrained regular expressions may denote languages which are not 
regular. 

Given a string S and a constrained regular expression e, the following locally 
stratified program P checks whether or not S belongs to the language denoted 
by e. We assume that constraints are definable as conjunctions of equalities and 
disequalities over natural numbers. 

P : string {[]) ^ 

string{[a\S]) ^ string{S) 
string{[b\S]) string{S) 
symbol{a) ^ 
symbol{b) <— 
aVV{[\,L,L) ^ 

app{[A\XlY,[A\Z]) ^ app{X,Y,Z) 
in -language {[A], A) <— symbol{A) 
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inJanguage{S, {EI-E2)) ^ app{Sl, S2, S)A 

in-language{Sl, El) A in-language{S2, E2) 
inJ,anguage{S,El + E2) ^ in-language{S, El) 
inJ,anguage{S,El + E2) ^ in-language{S, E2) 
in-language{S, not{E)) <— in-language{S, E) 
in^language{[], E^I) <— J = 

inJanguage{S,E^I) / = J+1 A J>0 A app{Sl, S2, S)A 

inAanguage{Sl,E) A in-language{S2, E^J) 
in-language{S, K) ^ [K = {C:E)) A solve{C) A in-language{S, E) 
solve{X = Y) ^X = Y 
solve{X>Y) ^X>Y 
solve{Ci A C2) ^ solve{Ci) A solve{C2) 

For example, in order to check whether a string S does not belong to the language 
denoted by k, where k is defined by the following definition: k = (M = N : 
{a^M ■ b^N)), we add to program P the clause: 

{k = {M = N : (a^M- b^N))) ^ 

and we evaluate a query of the form: 

string{S) A inJ,anguage{S, not{k)) 

Now, if we want to specialize program P w.r.t. this query, we introduce the new 
definition: 

1. newl{S) <— string{S) A in-language{S, not{k)) 
By unfolding clause 1 we get: 

2. newl{S) <— string{S) A in-language{S, k) 

We cannot perform the negative unfolding of clause 2 w.r.t. in^language{S, k) 
because of the local variables in the clauses for in-language{S, k). In order to 
derive a predicate which is equivalent to in-language{S,k) and is defined by 
clauses without local variables, we introduce the following clause: 

3. new2{S) <— inJ,anguage{S,k) 
By unfolding clause 3 wc get: 

4. new2{S) ^ M ^ N A app{Sl, S2, S)A 

in -language {SI, a^M) A in-language{S2, b^N) 

We generalize clause 4 and we introduce the following clause 5: 

5. new3{S,I) ^ M = N+I A app{Sl,S2,S)A 

inJ,anguage{Sl, a^M) A in -language {S2, b^N) 
By unfolding clause 5, performing replacements based on laws of constraints, 
and folding, we get: 

6. new3{S, N) ^ in-language{S, h^N) 

7. new3{[a\S],N) ^ new3{S,N + l) 

In order to fold clause 6 we introduce the following definition: 

8. newA{S,N) <— in-language{S,b^N) 
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By unfolding clause 8, performing some replacements based on laws of con- 
straints, and folding, we get: 

9. new4([],0) ^ 

10. new4:l[b\S], N) ^ N>1A newA{S,N-l) 

By negative folding of clause 2 and positive folding of clauses 4 and 6 we get the 
following program: 

2f. newl(S') ^ string{S) A ^ ne'w2{S) 
4f. new2\s) ^ new?,{S, 0) 
6f. newils, N) ^ newA{S, N) 

7. new3{[a\S], N) ^ new3{S,N+l) 

9. new4([],0) ^ 

10. new4:l[b\S], N) ^ N>IA newA{S,N-l) 

Now from clause 2f, by positive and negative unfoldings, replacements based on 
laws of constraints, and folding, we get: 

11. 7iewl([a|S']) ^ string{S) A new3{S, 1) 

12. newl{[b\S]) <— string{S) 

In order to fold clause 11 we introduce the following definition: 

13. new5{S, N) ^ string{S) A ^ new3(S', N) 

By positive and negative unfolding and folding we get: 

14. new5([],7V) 

15. new^([a\S],N) <~ new5iS,N + l) 

16. new5{[a\S],N) ^ string{S) A^N>1 

17. newb([b\S], N) ^ string{S) h^newA{S,N -I) 

In order to fold clause 17 we introduce the following definition: 

18. new&{S, N) ^ string{S) A ^ newi{S, N) 

Now, starting from clause 18, by positive and negative unfolding, replacements 
based on laws of constraints, folding, and elimination of the predicates on which 
new\ does not depend, we get the following final, specialized program: 

Pspec ■ llf- newl{[a\S]) ^ newb{S,l) 

12. new\{\b\S]) ^ string{S) 

14. new5{[],N) ^ 

15. new5{[a\S],N) ^ new5{S,N+l) 

16. new5{[b\S],0) ^ string{S) 

17f. new5([b\siN) ^ new6{S,N-l) 

19. new6([],7V) ^ N 

20. new6{[a\S], N) ^ stringiS) 

21. new6{[b\S],0) string{S) 

22. new6{[b\S],N) ^ new6{S,N~l) 

This specialized program corresponds to a one-counter machine (that is, a push- 
down automaton where the stack alphabet contains one letter only j^) and it 
takes 0{n) time to test that a string of length n does not belong to the language 
{a'"-6"|TO = n > 0}. 
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6 Related Work and Conclusions 



During the last two decades various sets of unfold/fold transformation rules 
have been proposed for different classes of logic programs. The authors who first 
introduced the unfold/fold rules for logic programs were Tamaki and Sato in 
their seminal paper 23|. That paper presents a set of rules for transforming 
definite logic programs and it also presents the proof that those rules are correct 
w.r.t. the least Herbrand model semantics. Most of the subsequent papers in the 
field have followed Tamaki and Sato's approach in that: (i) the various sets of 
rules which have been published can be seen as extensions or variants of Tamaki 
and Sato's rules, and (ii) the techniques used for proving the correctness of the 
rules are similar to those used by Tamaki and Sato (the reader may look at 
the references given later in this section, and also at j22] for a survey). In the 
present paper we ourselves have followed Tamaki and Sato's approach, but we 
have considered the more complex framework of locally stratified constraint logic 
programs with the perfect model semantics. 

Among the rules we have presented, the following ones were initially intro- 
duced in 121 (in the case of definite logic programs): (Rl) definition introduction, 
restricted to one clause only (that is, with m—1), (R3) positive unfolding, (R5) 
positive folding, restricted to one clause only (that is, with m—1). Our rules of 
replacement, deletion of useless predicates, constraint addition, and constraint 
deletion (that is, rules R7, R8, R9, and RIO, respectively) are extensions to 
the case of constraint logic programs with negation of the goal replacement and 
clause addition/deletion rules presented in |44j. In comparing the rules in [44j 
and the corresponding rules we have proposed, let us highhght also the following 
important difference. The goal replacement and clause addition/deletion of [Hj 
are very general, but their applicability conditions are based on properties of 
the least Herbrand model and properties of the proof trees (such as goal equiv- 
alence or clause implication) which, in general, are very difficult to prove. On 
the contrary, (i) the applicability conditions of our replacement rule require the 
verification of (usually decidable) properties of the constraints, (ii) the property 
of being a useless predicate is decidable, because it refers to predicate symbols 
only (and not to the value of their arguments) , and (iii) the applicability con- 
ditions for constraint addition and constraint deletion can be verified in most 
cases by program analysis techniques based on abstract interpretation |^. 

For the correctness theorem (see Theorem relative to admissible transfor- 
mation sequences we have followed Tamaki and Sato's approach, and as in [44 , 
the correctness is ensured by assuming the validity of some suitable conditions 
on the construction of the transformation sequences. 

Let us now relate our work here to that of other authors who have extended 
in several ways the work by Tamaki and Sato and, in particular, those who have 
extended it to the cases of: (i) general logic programs, and (ii) constraint logic 
programs. 

Tamaki and Sato's unfolding and folding rules have been extended to gen- 
eral logic programs (without constraints) by Seki. He proved his extended rules 
correct w.r.t. various semantics, including the perfect model semantics |42l43j . 
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Building upon previous work for definite logic programs reported in jl7l22l38j . 
paper j^I] extended Seki's folding rule by allowing: (i) multiple folding, that is, 
one can fold m (> 1) clauses at a time using a definition consisting of m clauses, 
and (ii) recursive folding, that is, the definition used for folding can contain 
recursive clauses. 

Multiple folding can be performed by applying our rule R5, but recursive 
folding cannot. Indeed, by rule R5 we can fold using a definition introduced by 
rule Rl, and this rule does not allow the introduction of recursive clauses. Thus, 
in this respect the folding rule presented in this paper is less powerful than the 
folding rule considered in On the other hand, the set of rules presented 
here is more powerful than the one in [23 because it includes negative unfolding 
(R4) and negative folding (R6). These two rules are very useful in practice, and 
both are needed for the program derivation examples we have given in Sectional 
They are also needed in the many examples of program verification presented 
in ■ For reasons of simplicity, we have presented our non-recursive version of 
the positive folding rule because it has much simpler applicability conditions. In 
particular, the notion of admissible transformation sequence is much simpler for 
non-recursive folding. We leave for future research the problem of studying the 
correctness of a set of transformation rules which includes positive and negative 
unfolding, as well as recursive positive folding and recursive negative folding. 

Negative unfolding and negative folding were also considered in our previous 
work |22l- The present paper extends the transformation rules presented in [^H 
by adapting them to a logic language with constraints. Moreover, in ||32l we did 
not present the proof of correctness of the transformation rules and we only 
showed some applications of our transformation rules to theorem proving and 
program synthesis. 

In Sato proposed a set of transformation rules for first order programs, 
that is, for a logic language that extends general logic programs by allowing 
arbitrary first order formulas in the bodies of the clauses. However, the semantics 
considered in based on a three valued logic with the three truth values 

true, false, and undefined (corresponding to non terminating computations). 
Thus, the results presented in cannot be directly compared with ours. In 
particular, for instance, the rule for eliminating useless predicates (R8) does 
not preserve the three valued semantics proposed in ^01) because this rule may 
transform a program that does not terminate for a given query, into a program 
that terminates for that query. Moreover, the conditions for the applicability 
of the folding rule given in [iU are based on the chosen three valued logic and 
cannot be compared with those presented in this paper. 

Various other sets of transformation rules for general logic programs (in- 
cluding several variants of the goal replacement rule) have been proved correct 
w.r.t. other semantics, such as, the operational semantics based on SLDNF res- 
olution p.6 42J, Clark's completion and Kunen's and Fitting's three valued 
extensions of Clark's completion jH]. We will not enter into a detailed compari- 
son with these works here. It will suffice to say that these works are not directly 
comparable with ours because of the different set of rules (in particular, none of 
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these works considers the negative unfolding rule) and the different semantics 
considered. 

The unfold/fold transformation rules have also been extended to constraint 
logic programs in |7I11I12I?7] . Papers [711 1) deal with definite programs, while 
|27j considers locally stratified programs and proves that, with suitable restric- 
tions, the unfolding and folding rules preserve the perfect model semantics. Our 
correctness result presented here extends that in (23 because: (i) the rules of [221 
include neither negative unfolding nor negative folding, and (ii) the folding rule 
of [23 is reversible, that is, it can only be applied for folding a set of clauses in 
a program P by using a set of clauses that occur in P. As already mentioned 
in Section our folding rule is not reversible, because we may fold clauses 
in program Pk of a transformation sequence by using definitions occurring in 
Defsf., but possibly not in Pk- Reversibility is a very strong limitation, because 
it does not allow the derivation of recursive clauses from non-recursive clauses. 
In particular, the derivations presented in our examples of Section could not 
be performed by using the reversible folding rule of |27j . 

Finally, ^21 proposes a set of transformation rules for locally stratified con- 
straint logic programs tailored to a specific task, namely, program specialization 
and its application to the verification of infinite state reactive systems. Due to 
their specific application, the transformation rules of J2 much more re- 
stricted than the ones presented here. In particular, by using the rules of |12j : 
(i) we can only introduce constrained atomic definitions, that is, definitions that 
consist of single clauses whose body is a constrained atom, (ii) we can unfold 
clauses w.r.t. a negated atom only if that atom succeeds or fails in one step, and 
(iii) we can apply the positive and negative folding rules by using constrained 
atomic definitions only. 

We envisage several lines for further development of the work presented in 
this paper. As a first step forward, one could design strategies for automating 
the application of the transformation rules proposed here. In our examples of 
Section [3 we have demonstrated that some strategies already considered in the 
literature for the case of definite programs, can be extended to general constraint 
logic programs. This extension can be done, in particular, for the following strate- 
gies: (i) the elimination of local variables ^j, (ii) the derivation of deterministic 
programs [HB|, and (iii) the rule-based program specialization J4j . 

It has been pointed out by recent studies that there is a strict relationship be- 
tween program transformation and various other methodologies for program de- 
velopment and software verification (see, for instance, |13ll5l25l3f)l31l36j l. Thus, 
strategies for the automatic application of transformation rules can be exploited 
in the design of automatic techniques in these related fields and, in particu- 
lar, in program synthesis and theorem proving. We believe that transformation 
methodologies for logic and constraint languages can form the basis of a very 
powerful framework for machine assisted software development. 
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7 Appendices 
7.1 Appendix A 

In this Appendix A we will use the fact that, given any two atoms A and B, and 
any valuation v, if cr{v{A)) > a{v{B)) then for every substitution d, a{v{A'd)) > 
a{v{B'd)). The same holds with >, instead of >. 

Proof of Proposition^ [Preservation of Local Stratification]. We will prove that, 
for A; = 0, . . . , n, Pfc is locally stratified w.r.t. a by induction on k. 
Base case {k = Q). By hypothesis Pq is locally stratified w.r.t. a. 
Induction step. We assume that Pk is locally stratified w.r.t. a and we show 
that Pk+i is locally stratified w.r.t. a. We proceed by cases depending on the 
transformation rule which is applied to derive Pk+i from Pk- 
Case 1. Program Pk+i is derived by definition introduction (rule Rl). We have 
that Pk+i — Pk^ {Si, . . . , S,n}, where Pk is locally stratified w.r.t. a by the in- 
ductive hypothesis and {Si, ... , S„i} is locally stratified w.r.t. a by Condition (iv) 
of Rl. Thus, Pk+i is locally stratified w.r.t. a. 

Case 2. Program Pk+i is derived by definition elimination (rule R2). Then Pk+i 
is locally stratified w.r.t. a because Pk+i ^ Pk- 

Case 3. Program Pk+i is derived by positive unfolding (rule R3). We have that 
Pk+i — (Pk — {7}) U {771, . . . , 77m}, where 7 is a clause in Pk of the form H <— 
c A Gl a a a Gr and clauses rji, . . . ,r]m are derived by unfolding 7 w.r.t. A. 
Since, by the induction hypothesis, {Pk — {7}) is locally stratified w.r.t. a, it 
remains to show that, for every valuation v, for i = 1, . . . ,m, clause v{r]i) is 
locally stratified w.r.t. a. Take any valuation v. For i — 1, . . . ,m, there exists 
a clause -fi in a variant of Pk of the form Ki ^ a A Bi such that ry^ is of 
the form H c A A = Ki A Ci A Gl A Bi A Gr. By the inductive hypothesis, 
v{H <~ cA Gl a a a Gr) and v{Ki ^ q A Bi) are locally stratified w.r.t. a. We 
consider two cases: (a) V ^ -iv{cAA^Ki Aci) and (b) V \= v(c A A = Ki Aci). 
In Case (a), v^rji) is locally stratified w.r.t. a by definition. In Case (b), we have 
that: (i) V ^ v{c), (ii) T> ^ v{A) = v{Ki), and (iii) V |= v{ci). Let us consider a 
literal v{L) occurring in the body of v{rii). lfv{L) is an atom occurring positively 
in v{GlAGr) then a{v{H))>(T{v(L)) because v{H ^ cAGlAAaGr) is locally 
stratified w.r.t. a and V \= v{c). Similarly, if v{L) is a negated atom occurring 
in v{Gl a Gr) then a{v{H)) > a(v{L)). If v{L) is an atom occurring positively 
in v{Bi) then a{v{H))>a{v{L)). Indeed: 
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a{v{H)) > a{v{A)) (because v{H <— c A Gj, A A A Gr) is locally stratified 
w.r.t. (T and V \= v{c)) 
= a{v{Ki)) (because v{A)=v{Ki)) 

>(t{v{L)) (because v{Ki ^— Ci A Bi) is locally stratified w.r.t. a 
and T) \= v{ci)) 

Similarlj', if v{L) is a negated atom occurring in v{B) then a{v{H)) >a{v{L)). 
Thus, the clause f (?7i) is locally stratified w.r.t. a. 

Case 4. Program Pk+i is derived by negative unfolding (rule R4). As in Case 3, 
we have that Pk+i = {Pk — {7}) U {r}\, . . . ,t7s}, where 7 is a clause in Pk of 
the form H ^ cA Gl A -^A A Gr and clauses iji, . . . ,ris are derived by negative 
unfolding 7 w.r.t. -'A. Since, by the induction hypothesis, {Pk — {7}) is locally 
stratified w.r.t. a, it remains to show that, for every valuation v, for j = 1, . . . , s, 
clause v{r]j) is locally stratified w.r.t. a. Take any valuation v. Let Ki ^ ci A 
Bi,. . . , Km <— Cm A Bm be the clauses in a variant of Pk such that, for i = 
1, . . . ,m,V \= 3{c A A = Ki A Ci) . Then, we have that, for j = 1, . . . , s, the clause 
v{rij) is of the form v{H ^ cAej A Gl A Qj A Gr), where v{Qj) is a conjunction 
of literals. By the applicability conditions of the negative unfolding rule and by 
construction (see Steps 1-4 of R4), we have that there exist m substitutions 
I?!, . . . , i^m such that the following two properties hold: 

(P.l) for every literal v{L) occurring in v{Qj) there exists a (positive or negative) 
literal v{M) occurring in v{Bi^i) for some i S {!,..., m}, such that v{L) is 
v{M), and 

(P.2) if v{L) occurs in v{Qj) and v{L) is v{M) with v{M) occurring in v{Bi'di) 
for some i G {1, . . . ,m}, then V |= v{{c A ej) {A = Ki-di A Ci^i)). 

We will show that v{r]j) is locally stratified w.r.t. a. By the inductive hypothesis, 
we have that v{H <— c A Gl A -^A A Gr) and v{Ki'di <— Cji?, A Bi'di) are locally 
stratified w.r.t. a. 

We consider two cases: (a) V \= -iu(c A tj) and (b) V \= v{c A Cj). In Case (a), 
vijij) is locally stratified w.r.t. a by definition. In Case (b), take any literal v{L) 
occurring in v{Qj). By Properties (P.l) and (P.2), v{L) is v{AI) for some v{M) 
occurring in v{Bi). We also have that: (i) V \= v{A) = v{Ki'di) and (ii) V \= 
v{ci'&i). Moreover V \= v{c), because we are in Case (b). Now, if v{M) is a 
positive literal occurring in v{Bi) we have: 

a{v{H)) > a{v{A)) (because v{H ^ cAGl A^AA Gr) is locally stratified 
w.r.t. 0" and V \= v{c)) 
= a{v{Ki'di)) (because v{A) = v{Ki^i)) 
(t) >cr(w(M)) (because v{Ki'di <— d-di A Bi'di) is locally stratified 
w.r.t. a and V \= v{cii9i)). 

Thus, we get: a{v{H)) > a{v{M j), and we conclude that v{r]j) is locally stratified 
w.r.t. a. Similarly, if v{M) is a negative literal occurring in v{Bi'di), we also get: 
a{v{H)) > a{v{M)). (In particular, if v{M) is a negative literal, at Point (f) 
above, we have a{v{Ki'di)) > a{v{M)).) Thus, we also conclude that v{r]j) is 
locally stratified w.r.t. a. 



38 



Case 5. Program P^+i is derived by positive folding (rule R5). For reasons of 
simplicity, we assume that we fold one clause only, that is, m = 1 in rule R5. The 
general case where m > 1 is analogous. We have that Pk+i = {Pk — {l}) U {r]}, 
where rjis a. clause of the form H <— c/\Gl AK'&AGr derived by positive folding 
of clause 7 of the form H^c/\M/\Gl/\ B-d A Gr using a clause 6 of the form 
K ^ d A B introduced by rule Rl. We have to show that, for every valuation 
V, v{H ^ c A Gl a K-O a Gr) is locally stratified w.r.t. cr. By the inductive 
hypothesis, we have that: (i) for every valuation w(7) is locally stratified 
w.r.t. (T, and (ii) for every valuation v, v{5) is locally stratified w.r.t. a. Take any 
valuation v. There are two cases: (a) T> \= ^v{c) and (b) V |= w(c). In Case (a), 
v{r]) is locally stratified w.r.t. a by definition. In Case (b), take any literal v{L) 
occurring in v{B'd). Now, either (bl) v{L) is a positive literal, or (b2) v{L) is 
a negative literal. In Case (bl) there are two subcases: (bl.l) V |= ^v{dd)^ and 
(bl.2) V 1= v{dd). In Case (bl.l) by Condition (iv) of rule Rl, (y{v{Kd)) = 
and thus, a{v{H)) > a{v{K'&)). Hence, v{ri) is locally stratified w.r.t. a. In 
Case (bl.2), we have that T> \= v{c A d-d) and, by the inductive hypothesis, 
a(v{H)) > (7{v{M)). Thus, (7{v{H)) > (7{v{K-d)), because by Condition (iv) of 
rule Rl, a{v{K'&)) is the smallest ordinal a such that a > a{v{L-&)). Thus, v{r]) 
is locally stratified w.r.t. a. 

Case (b2), when v{L) is a negative literal occurring in v{B'd), has a proof similar 
to the one of Case (bl), except that a{v{H)) > a{v{L-d)), instead of a{v{H)) > 
a{v{M)). 

Case 6. Program Pfc+i is derived by negative folding (rule R6). We have that 
Pfc+i = (Pfe -{7})U{?7}, where 77 is a clause of the form H ^ cAdd AGl A^K-d A 
Gr derived by negative folding of clause 7 of the form H ^ cAd-dAGhA^A'dAGR 
using a clause 8 of the form K <^ dAA introduced by rule Rl. We have to show 
that, for every valuation v, v{ri) is locally stratified w.r.t. a. By the inductive 
hypothesis, we have that: (i) for every valuation v, v{H <— cAdd AG l A^Ad AG r) 
is locally stratified w.r.t. cr, and (ii) for every valuation v, v{K d A A) is 
locally stratified w.r.t. a. Take any valuation v. There are two cases: (a) V \= 
^v{cAd'd), and (b) T> \= v{cAd'&). In Case (a), v{ri) is locally stratified w.r.t. a 
by definition. In Case (b), by the inductive hypothesis, we have only to show 
that a{v{H)) > a{v{Kd)). Since V \= v{c A d-d), by the inductive hypothesis we 
have that a{v{H)) > a{v(A'd)). By Condition (iv) of the rule Rl, we have that 
a{v{H)) > a{v{K'&)). Hence, v{r]) is locally stratified w.r.t. a. 

Case 7. Program Pk+i is derived by replacement (rule R7). Wc have that Pk+i = 
{Pk — Pi) U 72, where {Pk — A) is locally stratified w.r.t. a by the inductive 
hypothesis and 72 is locally stratified w.r.t. a by the applicability conditions of 
rule R7. Thus, Pk+i is locally stratified w.r.t. a. 

Case 8. Program Pk+i is derived by deletion of useless clauses (rule R8). Pk+i 
is locally stratified w.r.t. a by the inductive hypothesis because Pk+i ^ Pk- 

Case 9. Program Pk+i is derived by constraint addition (rule R9). We have that 
Pk+i = (Pfe — {7i})U{72}, where 72 : -ff ^ cAdAG is the clause in Pk+i derived 
by constraint addition from the clause 71 : H ^ c AG in Pk. For every valuation 
V, v{H <— c A A G) is locally stratified w.r.t. a because: (i) by the induction 
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hypothesis v{H ^ cAG) is locally stratified w.r.t. a and (ii) if I? w(cArf) then 
V 1= v{c). Since, by the inductive hypothesis, {Pk — {71}) is locally stratified 
w.r.t. cr, also Pk+i is locally stratified w.r.t. a. 

Case 10. Program Pk+i is derived by constraint deletion (rule RIO). We have 
that Pk+i — {Pk — {71}) U {72}, where -f2- H ^ c A G is the clause in Pk+i 
derived by constraint deletion from clause 71 : H ^ c A d A G in Pk. By the 
applicability conditions of RIO, 7 is locally stratified w.r.t. a. Since, by the 
inductive hypothesis, {Pk — {71}) is locally stratified w.r.t. cr, also Pk+i is locally 
stratified w.r.t. cr. 

Finally, PoUDefs^ is locally stratified w.r.t. cr by the hypothesis that Pq is locally 
stratified w.r.t. cr and by Condition (iv) of rule Rl. □ 

7.2 Appendix B 

In the proofs of Appendices B and C we use the following notions. Given a clause 
7: <— c A Li A . . . A Lm and a valuation v such that V ^ w(c), we denote by 7^ 
the clause v{H ^ Li A . . . A Lm)- We define ground{"f) = {-fv \ v is a valuation 
and T> |= v{c)}. Given a set P of clauses, we define ground{r) = [J^i^p ground{'^). 

Proof of Proposition Recall that Pq, . . . ,Pi is constructed by z (> 0) applica- 
tions of the definition rule, that is. Pi ~ PoUDefs^, and Pi, Pj is constructed 
by applying once the positive unfolding rule to each clause in DefSi. Let a be 
the fixed stratification function considered at the beginning of the construction 
of the transformation sequence. By Proposition^ each program in the sequence 
Pi, ... , Pj is locally stratified w.r.t. cr. 

Let us consider a ground atom A. By complete induction on the ordinal cr{A) 
we prove that, for k — i, . . . , there exists a proof tree for A and Pk iff there 
exists a proof tree for A and Pk+i. The inductive hypothesis is: 

(11) for every ground atom A', if a {A') < cr{A) then there exists a proof tree for 
A' and Pk iff there exists a proof tree for A' and Pk+i. 

{If Part) We consider a proof tree U for A and Pk+i, and we show that we can 
construct a proof tree T for A and Pk. We proceed by complete induction on 
size{U). The inductive hypothesis is: 

(12) given any proof tree Ui for a ground atom Ai and Pk+i, if size{Ui) < size{U) 
then there exists a proof tree Ti for Ai and Pk . 

Let 7 be a clause of Pk+i and let 7.1,: A ^ Li A ... A be the clause in 
ground{'y) used at the root of U . Thus, Li, . . . ,Lr are the children of A in U. For 
h = 1, . . . ,r, if L/i is an atom then the subtree Uh oi U rooted at Lh is a proof 
tree for Lh and Pfc+i. Since size{Uh) < size{U), by the inductive hypothesis (12) 
there exists a proof tree Th for Lh and Pk. For h = 1, . . . ,r, ii Lh is a negated 
atom ->Ah then, by the definition of proof tree, there exists no proof tree for Ah 
and Pk+i. Since ct is a local stratification for Pk+i, we have that a{Ah) <a{A) 
and, by the inductive hypothesis (II) there exists no proof tree for Ah and Pk. 

Now, we proceed by cases. 
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Case 1. 7 € Pk- We construct T as follows. The root of T is A. We use 7t,: 
>1 <— Li A . . . A ir to construct the children of A. If r = then true is the only 
child of A in T, and T is a proof tree for A and Pfe- Otherwise r > 1 and, for 
h = 1, . . . , r, if L/i is an atom Ah then T/j is the subtree of T at Ah, and if L/j 
is a negated atom then Lh is a leaf of T. By construction we have that T is a 
proof tree for A and Pk- 

Case 2. 7 ^ P/c and 7 € Pfc+i because 7 is derived by positive unfolding. Thus, 
there exist: a clause a in Pk of the form H ^ c A Gl /\ As A Gr and a variant 
/3 of a clause in Pfe of the form K ^ d A B such that clause 7 is of the form 
H ^ cAAs=KAdAGLABAGR. Thus, (i) v{H) = ^, (ii) I? |= v{cAAs^KAd), 
and (iii) ^(G'l ABA Gr) = Li, . . . , L^- By (ii) we have that G ground{Pk) 
and /3y S ground{Pk). (Notice that, since /3 is a variant of a clause in P/-, then 
e ground{Pk).) 

We construct T as follows. The root of T is A. Wc use a„ to construct the 
children of A and then we use to construct the children of As . The leaves of 
the tree constructed in this way are Li, . . . , L^. If r = then true is the only leaf 
of T, and T is a proof tree for A and Pfe. Otherwise r > 1 and, for /i = 1, . . . , r, 
if Lh is an atom then Th is the subtree of T rooted at Lh, and if Lh is a negated 
atom then Lh is a leaf of T. By construction we have that T is a proof tree for 
A and Pfe. 

{Only-if Part) We consider a proof tree T for a ground atom A and program Pfe, 
for A; = i, . . . j — 1, and we show that we can construct a proof tree U for A and 
Pfe+i. We proceed by complete induction on size{T). The inductive hypothesis 
is: 

(13) given any proof tree Ti for a ground atom Ai and Pfe, if size{Ti) <size{T) 
then there exists a proof tree Ui for Ai and Pfe+i. 

Let 7 be a clause of Pfe and let 7„ : ^ <— L\ A . . . A Lr be the clause in 
ground{'y) used at the root of T. Now we proceed by cases. 
Case 1. 7 € Pfe+i. We construct the proof tree U for A and Pfe+i as follows. We 
use 7^ to construct the children Li, . . . ,Lr of the root A. If r = then true is 
the only child of A in U, and U is a proof tree for ^ and Pfe+i. Otherwise, r > 1 
and, for /i = 1, . . . , r, if L^, is an atom, we consider the subtree Th of T rooted 
at Lh. We have that Th is a proof tree for Lh and Pfe with size{Th) < size{T) 
and, therefore, by the inductive hypothesis (13), there exists a proof tree Uh for 
Lh and Pfe+i. For /i = 1, . . . , r, if L/j is a negated atom ^Ah, then a{A)>a{Ah) 
because ct is a stratification function for Pfe. Thus, by the inductive hypothesis 
(II) we have that there is no proof tree for A/, and Pfe+i. The construction of 
U continues as follows. For /i = 1, . . . , r, if L/^ is an atom then we use Uh as a 
subtree of U rooted at Lh and, if Lh is a negated atom, then Lh is a leaf of U. 
Thus, by construction we have that U is a proof tree for A and Pfe+i. 
Case 2. 7 e Pfe and 7 ^ Pfe+i because 7 has been unfolded w.r.t. an atom in its 
body. Let us assume that 7 is of the form H c A Gl A As A Gr and 7 has 
been unfolded w.r.t. As- Wc have that: (i) v{H) ~ A, (ii) T> \= v{c), and (iii) the 
ground literals Li, . . . ,Lr such that Li A . . . A L^ = v{Gl A As A Gr) are the 
children of A in T. Let p: K ^— dAB he the clause in Pfe which has been used for 
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constructing the children of v{As) in T. Thus, there exists a valuation v' such 
that: (iv) v{As) = v'{K), (v) V |= v'{d), and (vi) the literals in v'{B) are the 
children of v{As) in T. Without loss of generality we may assume that 7 and (3 
have no variables in common and v — v' . Thus, the ground literals Mi, . . . , Mg 
such that Ml A ... ^ Ms = v(Gl ABA Gr) are descendants of A in T. For 
h = 1, . . . , s, if M/j is an atom, let us consider the subtree T/j of T rooted at 
Mfi. We have that is a proof tree for M/j and Pfc with size{Th) < size{T) and, 
therefore, by the inductive hypothesis (13), there exists a proof tree Uh for M^ 
and Pfc+i. For /i = 1, . . . , s, if is a negated atom ^Ah then M/i is a leaf of T 
and there exists no proof tree for Ah and Pk ■ Since cr is a stratification function 
for Pk, we have that cf{A) > a{Ah) and thus, by the inductive hypothesis (II), 
there exists no proof tree for Ah and Pk+i- 

Now let us consider the clause 77: H^cAAs — KAdh Gl ABA Gr. tj is 
one of the clauses derived by unfolding 7 because /? S Pk and, by (ii), (iv), (v) 
and the assumption that v = v' , we have that V \= v{c A As = K A d) and hence 
V ^ 3{c A As — K A d). Thus, we construct a proof tree U for A and Pk+i as 
follows. Since A — v{H) and Mi A ... A Mg = v{Gl ABA Gr), we can use 77^: 
v{H 'r- Gl AB A Gr) to construct the children Mi, . . . , Ms of ^ in f7. If s = 
then true is the only child of A in U, and J7 is a proof tree for A and Pk+i. 
Otherwise, s > 1 and, for ft. = 1, . . . , s, if Mh is an atom then Uh is the proof tree 
rooted at Mh in U. If Mh is a negated atom then Mh is a leaf of U. The proof 
tree U is the proof tree for A and Pk+i to be constructed. □ 

7.3 Appendix C 

Proof of Proposition El Recall that the transformation sequence Pq, . . . , Pi, . . . , Pj , 
. . . , Pm is constructed as follows (see Definition : 

(1) the sequence Pq,. . . ,Pi, with i>0, is constructed by applying i times the 
definition introduction rule, that is. Pi = PqU DefSi; 

(2) the sequence Pi, . . . ,Pj is constructed by applying once the positive unfolding 
rule to each clause in DefSi which is used for applications of the folding rule in 

Pj, ■ ■ ■ , Pm ', 

(3) the sequence Pj, . . . , Pm, with j < m, is constructed by applying any rule, 
except the definition introduction and definition elimination rules. 

Let a be the fixed stratification function considered at the beginning of the 
construction of the transformation sequence. By Proposition^ each program in 
the sequence Pq U DefSi, . . . ,Pj, . . . , Pm is locally stratified w.r.t. a. 

We will prove by induction on k that, for k = j, . . . ,m, 
{Soundness) if there exists a proof tree for a ground atom A and Pk then there 
exists a proof tree for A and Pj , and 

(Completeness) if there exists a Pj-consistent proof tree for a ground atom A 
and Pj then there exists a Pj-consistent proof tree for A and Pk. 
The base case (k = j) is trivial. 

For proving the induction step, consider any k in {j, . . . , m— 1}. We assume that 
the soundness and completeness properties hold for that k, and we prove that 
they hold for fc+1. For the soundness property it is enough to prove that: 
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- if there exists a proof tree for a ground atom A and Pk+i then there exists a 
proof tree for A and Pk , 

and for the completeness property it is enough to prove that: 

- if there exists a -consistent proof tree for a ground atom A and Pk then there 
exists a Pj-consistent proof tree for A and Pk+i- 

We proceed by complete induction on the ordinal <jiA) associated with the 
ground atom A. The inductive hypotheses are: 

(IS) for every ground atom A' such that a{A') < (t{A), if there exists a proof tree 
for A' and Pk+i then there exists a proof tree for A' and Pk, and 

(IC) for every ground atom A' such that a-{A') < <j{A), if there exists a 
Pj-consistent proof tree for A' and Pk then there exists a Pj-consistent proof 
tree for A' and Pk+i- 

By the inductive hypotheses on soundness and completeness for k, (IS), (IC), 
and Proposition 31 we have that: 

(ISC) for every ground atom A' such that cr{A') <a{A), there exists a proof tree 
for A' and Pk iS there exists a proof tree for A' and Pk+i- 

Now we give the proofs for the soundness and the completeness properties. 

Proof of Soundness. Given a proof tree U for A and Pk+i we have to prove that 
there exists a proof tree T for A and Pk ■ The proof is by complete induction on 
size{T). The inductive hypothesis is: 

(Isize) Given any proof tree U' for a ground atom A' and Pfe+i, if size{U') < 
size{U) then there exists a proof tree T' for A' and Pk. 

Let 7 be a clause in Pk+i and w be a valuation. Let 7^ S ground{'^) be the 
ground clause of the form A Li /\ . . . /\ Lr used at the root of U . We proceed 
by considering the following cases: either (Case 1) 7 belongs to Pk or (Case 
2) 7 does not belong to Pk and it has been derived from some clauses in Pk 
by applying a transformation rule among R3, R4, R5, R6, R7, R9, RIO. (Recall 
that Rl and R2 are not applied in Pj, . . . , Pm, and by R8 we delete clauses.) 

The proof of Case 1 and the proofs of Case 2 for rules R3, R4, R9, and RIO 
are left to the reader. Now we present the proofs of Case 2 for rules R5, R6, and 
R7. 

Case 2, rule R5. Clause 7 is derived by positive folding. Let 7 be derived by 
folding clauses 71, . . . , 7^ in P^ using clauses (5i, . . . , (5m where, for i = 1, . . . , m, 
clause 5i is of the form K ^ di A Bi and clause 7^ is of the form if <— c A 
did AGl /\ Bi'd AGr, for a substitution d satisfying Conditions (i) and (ii) given 
in (R5). Thus, 7 is of the form: ii <— c A Gl A Kd A Gr and we have that: 
(a) v{H) = A, (b) V h v{c), and (c) v{Gl A Kd A Gr) ^ Li A . . . A Lr- Since 
program Pk+i is locally stratified w.r.t. a, by the inductive hypotheses (ISC) and 
(Isize) we have that: for /i = 1, . . . , r, if L/j is an atom then there exists a proof 
tree Th for Lh and Pk , and if Lh is a negated atom ^Ah then there is no proof 
tree for Ah and Pk. The atom v{K'd) is one of the literals Li, . . . , L^, say L/, and 
thus, there exists a proof tree for v{Kd) and Pk- By the inductive hypothesis 
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(Soundness) for Pk and PropositionEl there exists a proof tree for v{K'd) and Pi. 
Since = Pq U Defs^ and 5i,. . . ,5m are all clauses in (a variant of) Po U Defs„ 
which have the same predicate symbol as K, there exists Sp £ Si, ... ,6m such 
that Sp is of the form K <^ dp A Bp and Sp is used to construct the children of 
v{K§) in the proof tree for v{Kd) and Pi. By Conditions (i) and (ii) on d given 
in (R5), we have that: (d) V ^ v{dp-d) and (e) viBp-d) = Mi A ... A M^. By 
the definition of proof tree, for h = 1, . . . , s, if is an atom then there exists 
a proof tree for and Pi , else if is a negated atom -^E^ then there is no 
proof tree for Eh and Pi. By Propositions El and 31 and the inductive hypotheses 
(Soundness and Completeness) we have that, for /i = 1, . . . , s, if Mh is an atom 
then there exists a proof tree Th for and Pk , else if Mh is a negated atom 
-i-B/t then there is no proof tree for Eh and Pk . 

Now we construct the proof tree T for A and Pk as follows. By (a), (b), 
and (d), we have that v{H) = A and V |= z;(c A dp-d). Thus, we construct the 
children of A in T by using the clause jpi H ^ c A dp-d AGl A Bp-d A Gr. Since 
v{GLABp-dAGR) = LiA. . .AL/_iAAfiA. . .AM^ALf+iA. . .ALr, the children of A 
in T are: Li, . . . , Mi, . . . , Af^, Lf+i, . . . , Lr. By the applicability conditions 

of the positive folding rule, we have that s > and A has a child different from 
the empty conjunction true. The children of A are constructed as follows. For 
/i = 1, . . . , r, if L/i is an atom then Th is the subtree of T rooted in Lh, else if 
Lh is a negated atom then Lh is a leaf of T. For h — 1, . . . , s, if Mh is an atom 
then Th is the subtree of T rooted in , else if Mh is a negated atom then Mh 
is a leaf of T. 

Case 2, rule R6. Clause 7 is derived by negative folding. Let 7 be derived by 
folding a clause a in Pk of the form H ^ cAGl A -^Apd A Gr by using a clause 
(5 e Pe/Si of the form if ^ dA^F. Thus, 7 is of the form ^ cAGhA^K-dAGR. 

Let 7u be of the form A ^ Pi A ... A P/_i A -^v{K-d) A P/+i A ... A P^, 
that is, v{H) — A and V ^ w(c). By the conditions on the applicability of 
rule R6, we also have that V ^ v{dd). Since program Pfe+i is locally stratified 
w.r.t. a, we have that a{v{K'd)) < a{A). By the definition of proof tree, there 
is no proof tree for v{K'd) and Pfc+i. Thus, by hypothesis (ISC) there exists no 
proof tree for v{Kd) and Pk- By the inductive hypothesis (Completeness) and 
Propositions and 01 there exists no proof tree for v{K'd) and Pq U Pe/Sj and 
thus, since K ^ d A Ap is the only clause defining the head predicate of K and 
V \= v{dd), there is no proof tree for v{Af^) and Pq U Defs^. By Proposition El 
and the inductive hypothesis (Soundness), there exists no proof tree for v{Ap'd) 
and Pfc. Since V \= v{c) there exists a clause ay in ground{a) of the form 
j4 <— Pi A . . . A P/_i A ^v^Ap-d) A P/+i A ... A P^. We begin the construction of 
T by using at the root. For all ft. = 1, . . . , / — 1, /+ 1, . . . , r such that Lh is an 
atom and Uh is the subtree of U rooted in Lh, we have that size{Uh) < size{U). 
By hypothesis (Isize) there exists a proof tree Th for Lh and Pk which we use as 
a subtree of T rooted in Lh. For all h = 1, . . . , f — 1, f + 1, . . . ,r such that Lh is a 
negated atom -^Ah we have that a{Ah) < cr{A), because program Pfc+i is locally 
stratified w.r.t. a. Moreover, there is no proof tree for Ah in Pfe+i, because U is 
a proof tree. By hypothesis (ISC) we have that there is no proof tree for Ah in 
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Pfc. Thus, for all /i = 1, . . . , / — 1, / + 1, . . . , r such that Lh is a negated atom 
we take Lh to be a leaf of T. 

Case2, rule R7. Clause 7 is derived by replacement. We only consider the case 
where Pk+i is derived from program Pk by applying the replacement rule based 
on law (8). The other cases are left to the reader. Suppose that a clause rj: 
H <— Ci AG in Pk is replaced by clause j: H ^ C2AG and I? |= V {3Y a ^ 3Z C2), 
where: (i) Y = FV{ci)-FVi{H,G}) and (ii) Z = FVic2)-FV{{H,G}). Thus, 
ground{'j) = ground{r]) and we can construct a proof tree for the ground atom 
A and Pk by using a clause in ground{r]), instead of a clause in ground{j). 

Proof of Completeness. Given a Pj-consistent proof tree for A and Pk, we prove 
that there exists a Pj-consistent proof tree for A and Pk+i- The proof is by 
well-founded induction on ^{A,Pj). The inductive hypothesis is: 

(I^) for every ground atom A' such that fi{A',Pj) < ^{A,Pj), if there exists a 
Pj-consistent proof tree T' for A' and Pk then there exists a Pj-consistent proof 
tree U' for A' and Pk+i. 

Let 7 be a clause in Pk and w be a valuation such that jv € ground{'j) is the 
ground clause of the form 7? <— Li A . . . A Lj. used at the root of T. 

The proof proceeds by considering the following cases: either 7 belongs to 
Pfc+i or 7 does not belong to Pfe+i because it has been replaced (together with 
other clauses in Pk) with new clauses derived by an application of a transforma- 
tion rule among R3, R4, R5, R6, R7, R8, R9, RIO (recall that Rl and R2 are 
not applied in Pj, ... , Pm)- We present only the case where Pk+i is derived from 
Pfe by positive folding (rule R5). The other cases are similar and are left to the 
reader. 

Suppose that Pk+i is derived from Pk by folding clauses 71, . . . ,7m in Pk 
using clauses 5i, . . . , (5™ in (a variant of) Defsj., and let 7 be 7p, with 1 < p < m. 
Suppose also that, for « = 1, . . . , to, clause Si is of the form K ^ di A Bi and 
clause 7i is of the form H ^ c A di'd AGl A Bi'd A Gr, for a substitution 'd 
satisfying Conditions (i) and (ii) given in (R5). The clause 77 derived by folding 
7i, . . . , 7m using ... ,5m is of the form: H ^ c A Gl A K-ff A Gr. Since we 
use 7^ at the root of T, we have that: (a) v[H) = A, (b) V [= v{c A dpd), 
and (c) v{Gl A Bp-d A Gr) = Li A . . . A Lr, that is, for some /I, /2, v{Gl) = 
Li A . . . A L/i, v{Bp-d) = A . . . A L/2, and v{Gr) = i/2+1 A ... A Lr. By 

Proposition 31 and the inductive hypotheses (Soundness and Completeness), for 
h = fl + 1, . . . , f2, if Lh is an atom then there exists a proof tree for Lh and Pj , 
and if Lh is a negated atom -^Ah then there is no a proof tree for Ah and Pj . By 
Proposition El by the fact that (by ii) V ^ v{dp'd), and by the fact that 6p G Pi 
(recall that Defsj^ C P^), we have that there exists a proof tree for v{Kd) and 
Pj. Moreover, since K ^ dp A Bp has been unfolded w.r.t. a positive literal, we 
have that: 

(t) fi{v{Bpd),P,)>fi{v{m,Pj) 

By Proposition 01 and the inductive hypothesis (Completeness), there exists a 
proof tree for v{K-d) and Pk- Since T is P^-consistent we have that, for h = 
1, . . . , r, /Lt(A, Pj) > n{Lh, Pj). Moreover, we have that: 
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IJ.{A, Pj) > ij,{v{Gl a Bp^ A Gr), Pj) (because T is Pj-consistent) 

= hIvIGl), Pj) © niviBp-d), Pj) © fi{v{GR), P,) (by definition of /i) 
>f,{viGL),Pj)(Bi^{v{m,Pj)®l,{v{GR),Pj) (by (f)) 
> iJ,{v{K-d), Pj) (by definition of /i) 

By the inductive hypotheses (I/z) and (IS), for h = 1, . . . , /I, /2 + 1, . . . , r, if L^, 
is an atom then there exists a Pj-consistent proof tree Uh for Lh and Pfc+i, and 
if Lh is a negated atom ^Ah then there is no a proof tree for and Pfc+i- 
Moreover, by the inductive hypothesis {l/J^), there exists a Pj-consistent proof 
tree U for v{K'd) and P/j+i. 

Now we construct a P, -consistent proof tree U for A and Pfc+i as follows. 
By (a) and (b) we have that v{H) = A and V \= v{c). Thus, we construct 
the children oi A m U by using the clause rj: H <— c A G l /\ Kd A Gr,. Since 
v{Gl AK-d a Gr) = Li a . . . a L/1 a viK-d) A L/2+1 A ... A L^, the children of 
AmU are: Li, . . . , Lfi, v{Kd), i/2+1, • • • , ^r- The construction of U continues 
as follows. For h — 1, . . . , /I, /2 + 1, . . . , r, if Lh is an atom then Uh is the 
Pj-consistent subtree of U rooted in Lh, else if Lh is a negated atom then Lh is 
a leaf of U. Finally, the subtree of U rooted in v{K^) is the Pj-consistent proof 
tree U . 

The proof tree U is indeed P,-consistent because: (i) for h = !,...,/!, 
/2 + l,...,r, ii{A,Pj) > i^{Lh,Pj), (ii) KA,Pj)> iJ,{v{Kd),Pj), and (iii) ev- 
ery subtree rooted in one of the literals Li,. . . ,Lfi,v{K'&),Lf2+i, . . . ,Lr is Pj- 
consistent. □ 
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